For Caching Proxy there is no option to create CMS key database in IBM Key Management Utility
 Technote (troubleshooting)
 
Problem(Abstract)
After starting the IBM® Key Management utility, CMS is not listed as a Key Database type.
 
Cause
The Java™ installation being used (value of JAVA_HOME environmental variable) is not configured to use CMS.
 
Resolving the problem
These instructions assume you have the prerequisites installed and set:
  • GSKit installed
  • JDK 1.3.1 or later installed for GSKit 5, or JDK 1.4.1 or later is installed for GSKit 7
Note: Do not move or delete JARs in a JDK that another product (for example, WebSphere® Application Server) depends on. Doing so can break or prevent the dependent product from operating properly. If you are unsure if the JDK is in use, install a separate JDK for the IBM Key Management utility.
  • JAVA_HOME is set, for example:
    export JAVA_HOME =/opt/IBMJava2-141/jre
    set JAVA_HOME=C:\Program Files\Java\j2re1.4.0_01)

Complete the following steps:
  1. Remove or move ibmjsse.jar, gskikm.jar (if any) and ibmjcaprovider.jar files from your JAVA_HOME/jre/lib/ext directory.


  2. Modify JAVA_HOME/lib/security/java.security or JAVA_HOME/jre/lib/security/java.security to add the following GSKit security provider entries:

    security.provider.X=sun.security.provider.Sun                security.provider.X=com.ibm.spi.IBMCMSProvider                          security.provider.X=com.ibm.crypto.provider.IBMJCE  

    For example, if your java.security file currently has the following listed:

    security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.2=com.ibm.security.cert.IBMCertPath

    modify it to include the required GSKit security providers so that it looks like the following:

    security.provider.1=sun.security.provider.Sun                           security.provider.2=com.ibm.spi.IBMCMSProvider                          security.provider.3=com.ibm.crypto.provider.IBMJCE
    security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.5=com.ibm.security.cert.IBMCertPath

    Note: The numbers located at the end of security.provider. indicate the order of precedence. Add these three new security providers as the first three entries, unless another application on your system has a dependence on the order. If they cannot be listed first, make sure that sun.security.provider.Sun is listed before com.ibm.spi.IBMCMSProvider and com.ibm.crypto.provider.IBMJCE.


  3. Add required GSKit .jar files to the JDK.

    Note
    : GSKit 5 uses JDK 1.3 or 1.4, and GSkit 7 uses JDK 1.4 or later.

    For GSkit 5:
    Continue to step 4.

    For GSKit 7:
    Copy JARs to JDK installation directory from GSKIT installation directory. All JARs are available in GSKit_Installation_path/classes/jre/lib/ext/

    JDK 1.4.1:
    Copy the following JARs to JAVA_HOME/jre/lib/.
    jre/lib/ibmjcefw.jar
    jre/lib/ibmpkcs11.jar

    Copy the following JARs to JAVA_HOME/jre/lib/ext/.
    ibmjceprovider.jar
    ibmpkcs.jar

    Copy the following JARs to JAVA_HOME/jre/lib/security.
    local_policy.jar
    US_export_policy.jar


  4. Start IBM Key Management Utility.

    For GSKit 5, type command: gsk5ikm

    For GSKit 7, type command: gsk7ikm_gcc295


The CMS key database option is now listed when the IBM Key Management Utility is started. If it is not, contact 1-800-IBM-SERV for additional support.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Edge Server Caching Proxy AIX, Linux, Solaris, Windows 2000, Windows NT Edge Server 2.0 GA, Edge Server 2.0 NLV, Edge Server 2.0.x
Application Servers Runtimes for Java Technology Java SDK
 
Historical Number
195185
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Edge Component
Operating system(s): Windows
Software version: 5.1.1
Software edition:
Reference #: 1166332
IBM Group: Software Group
Modified date: Sep 3, 2007