IBM Security Key Lifecycle Manager Version 2.5.0 -- Distributed Platforms Fix Pack 10 README

Abstract

Readme documentation for IBM® Security® Key Lifecycle Manager for Distributed Platforms, Version 2.5.0 Fix Pack 10 including installation-related instructions, prerequisites and corequisites, and a list of fixes. All IBM Security Key Lifecycle Manager for Distributed Platforms fix packs are cumulative. This fix pack contains the content of all prior fix packs published to date.

Fix Pack Publish date: 28 August 2018

Last modified date:24 August 2018

Contents

Platform support
Download locations
Prerequisites and corequisites
Known issues
Known limitations
Updates to CLI commands

Installation information
Installing the IBM Security Key Lifecycle Manager fix pack
Prior to fix pack installation
Performing the necessary tasks after fix pack installation
Uninstalling the IBM Security Key Lifecycle Manager along with fix pack
List of Fixes and Features
Copyright and trademark information
Document change history

Platform support

IBM Security Key Lifecycle Manager Version 2.5.0 platforms supported

AIX Version 6.1 64-bit

AIX Version 7.1 64-bit

Red Hat Enterprise Linux Version 5 update 4 on x86 64-bit in 32-bit mode

Red Hat Enterprise Linux Version 6 update 3 on x86 64-bit in 32-bit mode

Red Hat Enterprise Linux Version 5 update 4 (System z) on x86 64–bit mode

Red Hat Enterprise Linux Version 6 update 3 (System z) on x86 64–bit mode

SuSE Linux Enterprise Server Version 10 on x86 64–bit

SuSE Linux Enterprise Server Version 11 on x86 64–bit mode

SuSE Linux Enterprise Server Version 11 (System z) on x86 64–bit mode

Sun Server Solaris 10 (SPARC 64–bit in 32-bit mode)

Windows Server 2008 R2 (64-bit in 32-bit mode for all Intel and AMD processors) Standard Edition

Windows Server 2008 R2 (64-bit in 32-bit mode for all Intel and AMD processors) Enterprise Edition

Windows Server 2012 (64-bit in 32-bit mode for all Intel and AMD processors) Standard Edition

IBM Security Key Lifecycle Manager Version 2.5.0 has been certified to run on the following virtual environments. The platform running within the virtual machine must be supported by the virtual platform server and Security Key Lifecycle Manager Version 2.5.0 (see "Platform support" table).

IBM Security Key Lifecycle Manager Version 2.5.0 virtual platforms supported

VMWare ESX/ESXi Server Versions 4.0, 5.0, 5.1 and 5.5

Red Hat Enterprise Virtualization/Kernel-Based Virtual Machine (RHEV/KVM) Version 5.4

Download location

Download IBM Security Key Lifecycle Manager, Version 2.5.0 fix pack from IBM Fix Central

1. Go to IBM Fix Central home page: http://www.ibm.com/support/fixcentral/

2. For the Product Group, select "Security Systems"

3. For the Product, select "IBM Security Key Lifecycle Manager".

4. For Installed Version, select your system's appropriate version level, ie. 2.5.0.0.

5. For Platform, select the appropriate platform. Choose "Continue".

6. At the Identify Fixes page, select the "Browse for Fixes" radio button (default) and choose "Continue".

7. At the Select Fixes page, choose "Fix Pack 2.5.0-ISS-SKLM-FP0010". Choose "Continue".

8. You might be prompted to "Sign In". If you do not have an ID, click on the "register now" link and follow the registration steps as appropriate.

9. At the Download Options page, choose a download method (default is "Download using Download Director").

10. Select the associated files and README for Fix Pack 2.5.0-ISS-SKLM-FP0010 and select "Download now".

Platforms updated by this fix pack

Product/Component Name	Platform	File Name
IBM Security Key Lifecycle Manager, Version 2.5.0, Fix Pack - 2.5.0-ISS-SKLM-FP0010	AIX	2.5.0-ISS-SKLM-FP0010-AIX.tar.gz
IBM Security Key Lifecycle Manager, Version 2.5.0, Fix Pack - 2.5.0-ISS-SKLM-FP0010	Linux	2.5.0-ISS-SKLM-FP0010-Linux.tar.gz
IBM Security Key Lifecycle Manager, Version 2.5.0, Fix Pack - 2.5.0-ISS-SKLM-FP0010	zLinux (System z)	2.5.0-ISS-SKLM-FP0010-zLinux.tar.gz
IBM Security Key Lifecycle Manager, Version 2.5.0, Fix Pack - 2.5.0-ISS-SKLM-FP0010	Solaris	2.5.0-ISS-SKLM-FP0010-Solaris.tar.gz
IBM Security Key Lifecycle Manager, Version 2.5.0, Fix Pack - 2.5.0-ISS-SKLM-FP0010	Windows	2.5.0-ISS-SKLM-FP0010-Windows.zip

For current version 2.5.0 installations: This fix pack can be installed on systems with a minimum level of IBM Security Key Lifecycle Manager, Version 2.5.0 GA. You can also install on any of the previously published fix packs. For example, 2.5.0 FP1, 2.5.0 FP2, 2.5.0 FP3, 2.5.0 FP4, 2.5.0 FP5, 2.5.0 FP6, 2.5.0 FP7 , 2.5.0 FP8 or 2.5.0 FP9.

Prerequisites and corequisites

Installation of this fix pack requires a minimum level of IBM Security Key Lifecycle Manager, Version 2.5.0 GA installed on the system. You can also install on any of the previously published fix packs. For example, 2.5.0 FP1, 2.5.0 FP2, 2.5.0 FP3, 2.5.0 FP4, 2.5.0 FP5, 2.5.0 FP6, 2.5.0 FP7, 2.5.0 FP8 or 2.5.0 FP9

Known issues

· 1. While using silent mode installation, if installation has failed due to wrong repository path in response file then user may see following warnings:

CRIMA1002W WARNING: The following repositories are not connected:
<old repository path>
Failed to connect to one or more repositories. The repository might be unavailable for several reasons.

Check the repository is correct and accessible by verifying the following:

a. Verify all the repositories location is correct and available.

b. In case repositories require credentials, verify the credentials are correctly set in the repositories preference.

c. Verify if the network connection is available. For environments that use firewalls, verify that access to the repository location is available.

d. For environments that use proxies, verify the proxy settings are correctly set in the HTTP/FTP preference.

e. Update offerings require that base offerings be available. Verify the base offering is available in a repository. Use the listAvailablePackages command to view the packages available in a repository.

f. While using IBM Passport Advantage site, verify the connection to the site. Also verify the Passport Advantage connection in the Passport Advantage preference.

· 2. While using silent mode installation, if you see the following message:

Updated to com.ibm.sklm.aix_2.5.0.8 in the /opt/IBM/SKLMV25 directory.
WARNING: Problem at line 3, column 35: The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.
CRIMA1002W WARNING: The following repositories are not connected:
<old repository path>
Failed to connect to one or more repositories. The repository might be unavailable for several reasons.

This means, you might have updated to the latest FP level, run the wsadmin AdminTask.tklmVersionInfo() CLI to confirm that.

· 3. SKLM v2.5 GA configuration with LDAP may fail. As a fix apply SKLM v2.5 Fix Pack 2 or later and follow this technote for configuration: http://www-01.ibm.com/support/docview.wss?uid=swg21670824.

· 4. Issues with SKLM v2.5 Uninstallation when Fixpack is applied. Refer to this technote http://www.ibm.com/support/docview.wss?uid=swg21982503.

· 5. In some cases after creating a new backup from the UI the table showing backup list shows “Failed to load data”.
Workaround- Navigate to other page on the SKLM GUI and then back to Backup and Restore page and check the Backup List table. Backups will be displayed properly.

· 6. RHEL 6 -on installing the Fix Pack in UI mode, clicking on the "next" button on first installation manager page, users may receive this error: MESSAGE ERROR
JVM terminated. Exit code=1
......
......
-vmargs
-Xms40m
-Xmx1024m
-Xquickstart
-Xgcpolicy:gencon
....
Workaround- Add -Dorg.eclipse.swt.internal.gtk.cairoGraphics=false in the /opt/IBM/InstallationManager/eclipse/IBMIM.ini file, and restart the FP installation process.

· More Known Issues can be found at https://www-01.ibm.com/support/docview.wss?uid=swg21654456.

Known limitations

· Rollback of installed fix pack is not supported.

Updates to CLI commands

· tklmServedDataList:O APAR IV16269 added a new option in tklmServedDataList command to specify the number of entries that will be displayed. This new option is outputCount.
If outputCount is 0 (zero), SKLM will display all the entries. If outputCount is not specified, SKLM will display 2000 entries. For example: print AdminTask.tklmServedDataList ('[-outputCount 3000]') will display 3000 audit entries.
Note: When setting a large outputCount value or zero, and you have a large number of audit entries, the wsadmin process may timeout.

Installing the IBM Security Key Lifecycle Manager fix pack

Prior to fix pack installation

1. Ensure that IBM Security Key Lifecycle Manager is not in use before installing the fix pack. If your facility has a "service maintenance outage" process, consider installing this fix pack during an arranged service outage.

2. A backup of your IBM Security Key Lifecycle Manager server should be performed prior to installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.

Backup WebSphere Application Server files on Windows operating system

Instruction	Command
Open a command prompt.	Click the Start button, click Run, type cmd, and click the OK button.
Stop the WebSphere Application Server.	WAS_HOME\bin\stopServer.bat server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>
Make a temporary directory.	mkdir <WAS_BACKUP_DIRECTORY> Example: mkdir c:\wasbackup
Change to the temporary directory.	cd c:\wasbackup
Copy the files from the directory where WebSphere Application Server is installed.	xcopy /y /e /d <WAS_HOME> c:\wasbackup
Start WebSphere Application Server.	<WAS_HOME>\bin\startServer.bat server1 Where: <WAS_HOMEgt; is the directory where WebSphere Application Server is installed (default:C:\Program Files (x86)\IBM\WebSphere\AppServer).

Backup WebSphere Application Server files on AIX, Solaris, and Linux operating systems

Instruction	Command
Open a ksh or bash shell.	If your default shell is not ksh or bash, run "exec ksh" or "exec bash".
Stop the WebSphere Application Server.	<WAS_HOME>/bin/stopServer.sh server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>
Make a temporary directory.	mkdir <WAS_BACKUP_DIRECTORY> Example: mkdir /tmp/wasbackup
Change to the temporary directory.	cd /tmp/wasbackup
Archive the files from the directory where WebSphere Application Server is installed.	tar -cvf wasbackup.tar <WAS_HOME>/*
Start WebSphere Application Server.	<WAS_HOME>/bin/startServer.sh server1 Where: <WAS_HOME> is the directory where WebSphere Application Server is installed (default: /opt/IBM/WebSphere/AppServer).

Before fix pack installation

Instruction	Steps
Make a repository directory.	Open a command prompt. Make a repository, i.e. a directory where you extract the update installer. Windows Default repository directory is C:\sklminstall_windowsfp mkdir C:\sklminstall_windowsfp Unix Default repository directory is /sklminstall_linuxfp mkdir /sklminstall_linuxfp
Change directory to the directory created.	Windows cd C:\sklminstall_windowsfp Unix cd /sklminstall_linuxfp
Download the fix pack into the repository directory.	Link to fix pack download table
Extract the downloaded file.	Extract the downloaded file: 2.5.0-ISS-SKLM-FP0010-<platform>.tar.gz Where, <platform> refers to the operating system where the fix pack is being installed. Example: 2.5.0-ISS-SKLM-FP0010-<platform>.tar.gz can be 2.5.0-ISS-SKLM-FP0010-Linux.tar.gz For example: Windows Extract the downloaded file: 2.5.0-ISS-SKLM-FP0010-Windows.zip

Steps for installing fix pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix operating systems in GUI mode

Instruction	Steps
Stop WebSphere Application Server, install the WebSphere Application Server ifix and then start Installation Manager in GUI mode.	Windows Open a command window, and change to the repository directory. Example: C:\sklminstall_windowsfp Run the following command. updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: updateSKLM.bat "c:\Program Files (x86)\IBM\Installation Manager" "c:\Program Files (x86)\IBM\WebSphere\AppServer" wasadmin wasadminpwd Unix Open a command window, and change to the repository directory. Example: /sklminstall_linuxfp Run the following commands. chmod +x ./updateSKLM.sh ./updateSKLM.sh <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd Where: IM_INSTALL_LOCATION refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files (x86)\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager” WAS_HOME refers to installation root directory for WebSphere Application Server (WAS). Default value on Windows system is "c:\Program Files (x86)\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer WAS_ADMIN refers to the ID for the WebSphere Application Server Administrator. WAS_PASSWORD refers to the password for the WebSphere Application Server Administrator.
Select the IBM Security Key Lifecycle Manager, Version 2.5 software package group.	1. Select the base offering software package group (IBM Security Key Lifecycle Manager, Version 2.5). 2. Click Next. 3. In the Update Packages updates panel, select the check box associated with each installed component that you want to update, and click Next. o IBM Security Key Lifecycle Manager v2.5 o IBM Security Key Lifecycle Manager v2.5.0.0 (installed) o Version 2.5.0.10
Provide credentials for WebSphere Application Server admin user (default:wasadmin) IBM Security Key Lifecycle Manager admin user (default:SKLMAdmin) and DB2 user (default:sklmdb2).	In the Update Packages Configuration for IBM Security Key Lifecycle Manager v2.5.0.10 panel: Enter Username and Password for Application Server Administrator. Enter Username and Password for IBM Security Key Lifecycle Manager Application Administrator. Enter Username and Password for IBM DB2 user. Click the Validate Credentials button. Validation might take few minutes, wait till the Next button gets enabled. Click Next.
Click the Update button.	In the Update Packages > Summary panel, review the software packages that you want to install and click Update. After Installation Manager successfully updates the fix pack for the services that you select, it displays a message.

Steps for installing a fix pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix operating systems in silent mode

Instruction	Steps
Installation Manager utility to encrypt the passwords for users as required.	Open a command window. Change to the <IM_INSTALL_LOCATION>/eclipse/tools directory. Windows Run the following command to generate an encrypted password: imcl.exe encryptString <password_to_encrypt> Unix Run the following command to generate an encrypted password: ./imcl encryptString <password_to_encrypt>
Make a backup of the response file.	Create a backup of original response file SKLM_Silent_Update_<platform>_Resp.xml by renaming it. For example: SKLM_Silent_Update_<platform>_Resp_original.xml This file will be located in the sklm sub-folder under the repository directory where fix pack is extracted.
Edit the response file.	Windows Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml". Edit the repository location to point to current location of installables. (Sample: <repository location='C:\sklminstall_windowsfp\sklm'/>) Edit WASAdmin username and password (Password need to be encrypted). (Sample: <data key='user.WAS_ADMIN_ID,com.ibm.sklm.win32>value='wasadmin'/> <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.win32>value='zN39fpCc9SqIryGJM7+02A=='/>) Edit SKLMAdmin username and password (Password need to be encrypted). (Sample: <data key='user.SKLM_ADMIN_ID,com.ibm.sklm.win32>value='sklmadmin'/> <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm.win32>value='94FrH/Ll220hVIYc9TflNQ=='/>) Edit DB user username and password (Password need to be encrypted). (Sample: <data key='user.DB_ADMIN_USER,com.ibm.sklm.win32' value='sklmdb2'/> <datadata key='user.DB_ADMIN_PASSWORD,com.ibm.sklm.win32' value='SwIhGBTDHcJok80Ux4Sb3g=='/>) Unix Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml". Edit the repository location to point to current location of installables. (Sample for Linux:<repository location='/sklminstall_linuxfp/sklm'/>) Edit WASAdmin user name and password (Password need to be encrypted). (Sample: <data key='user.WAS_ADMIN_ID,com.ibm.sklm.Linux>value='wasadmin'/> <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.Linux>value='zN39fpCc9SqIryGJM7+02A=='/>) Edit SKLMAdmin username and password (Password need to be encrypted). (Sample: <data key='user.SKLM_ADMIN_ID,com.ibm.sklm.Linux>value='sklmadmin'/> <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm.Linux>value='94FrH/Ll220hVIYc9TflNQ=='/>) Edit DB user username and password (Password need to be encrypted). (Sample: <data key='user.DB_ADMIN_USER,com.ibm.sklm.linux' value='sklmdb2'/> <data key='user.DB_ADMIN_PASSWORD,com.ibm.sklm.linux' value='SwIhGBTDHcJok80Ux4Sb3g=='/>)
Install the fix pack.	Windows Open a command window, and change to the repository directory. Example: C:\sklminstall_windowsfp Run the following command: silent_updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: silent_updateSKLM.bat "c:\Program Files (x86)\IBM\Installation Manager" "c:\Program Files (x86)\IBM\WebSphere\AppServer" wasadmin wasadminpwd Unix Open a command window, and change to the repository directory. Example: /sklminstall_linuxfp Run the following commands: chmod +x ./silent_updateSKLM.sh ./silent_updateSKLM.sh <IM_INSTALL_LOCATION > <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: ./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd. Where: IM_INSTALL_LOCATION refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files (x86)\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager” WAS_HOME refers to installation root directory for WebSphere Application Server (WAS). Default value on Windows system is "c:\Program Files (x86)\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer WAS_ADMIN refers to the ID for the WebSphere Application Server Administrator. WAS_PASSWORD refers to the password for the WebSphere Application Server Administrator.
Check logs for fix pack installation success.	View the log file output produced for successful fix pack installation. Log files are located at: <Installation_Manager_Home>/logs/native

Performing the necessary tasks after fix pack installation

1. Verify Installation - Run the wsadmin AdminTask.tklmVersionInfo() command.

Unix users:

Open a shell (ksh or bash).

Type: cd <WAS_HOME>\bin

Type: ./wsadmin.sh -lang jython -username <sklmadminUserID> -password <sklmadminPassword>

Example: ./wsadmin.sh -lang jython -username sklmadmin -password sklmpassword

At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

Windows users:

Open a command prompt.

Type: cd <WAS_HOME>/bin

Type: wsadmin.bat -lang jython -username <sklmadminUserID> -password <sklmadminPassword>

Example: wsadmin.bat -lang jython -username sklmadmin -password sklmpassword

At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

Check the output of the tklmVersionInfo command:

IBM Security Key Lifecycle Manager Version = 2.5.0.10

IBM Security Key Lifecycle Manager Build Level = 201808240659

WebSphere Application Server Version = 8.5.5.0

DB2 Version = 10.1.200.238

Java Version = JRE 1.6.0 IBM J9 VM 2.6

2. A backup of your IBM Security Key Lifecycle Manager server must be performed after installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.

Uninstalling the IBM Security Key Lifecycle Manager along with fix pack

Note: This will uninstall the entire product package i.e. IBM Security Key Lifecycle Manager, IBM DB2 and WebSphere Application Server, and all your data will be lost. Please take backup before uninstalling.

Steps for uninstalling IBM Security Key Lifecycle Manager, Version 2.5.0 along with fix pack on Windows and Unix operating systems in GUI mode

Instruction	Steps
Start uninstalling the IBM Security Key Lifecycle Manager in GUI mode.	Windows Open a command window. Change to repository directory c:\sklminstall_windowsfp Execute the following command: uninstallSKLM_Win.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: uninstallSKLM_Win.bat "c:\Program Files (x86)\IBM\Installation Manager" "c:\Program Files (x86)\IBM\WebSphere\AppServer" wasadmin wasadmin Unix Open a terminal. Change to repository directory /sklminstall_linuxfp Execute the following command: ./uninstallSKLM_Linux.sh <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: ./uninstallSKLM_Linux.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadmin
Select the IBM Security Key Lifecycle Manager, Version 2.5.0.10 software package group.	1. Select the package group (IBM Security Key Lifecycle Manager, Version 2.5.0.10, IBM DB2 and WebSphere Application Sphere). 2. Click Next.
Start uninstallation.	Enter the wasadmin credentials in the popup window, Click Ok. Click on Uninstall button.

Steps for uninstalling IBM Security Key Lifecycle Manager version 2.5.0 along with fix pack on Windows and Unix operating systems in Silent mode

Instruction

Steps

Go to the repository directory.

1. Go to the repository directory
Example:
Windows: c:\sklminstall_windowsfp
Linux: /sklminstall_linuxfp

2. Backup the original response file SKLM_Uninstall_<platform>_Resp.xml by renaming it to SKLM_Uninstall_<platform>_Resp_original.xml

3. Edit the silent response file "SKLM_Uninstall_<platform>_Resp.xml".
Edit WASAdmin username and password (Password need to be encrypted).
Windows:
(Sample:
<data key='user.WAS_ADMIN_ID,com.ibm.sklm.win32' value='wasadmin'/>
<data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.win32' value='zN39fpCc9SqIryGJM7+02A=='/>)
Unix:
(Sample:
<data key='user.WAS_ADMIN_ID,com.ibm.sklm.linux' value='wasadmin'/>
<data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.linux' value='zN39fpCc9SqIryGJM7+02A=='/>

Start uninstalling IBM Security Key Lifecycle Manager in silent mode.

Windows

Open a command window.
Change to <IM_INSTALL_LOCATION>\eclipse\tools directory.
Execute the following command:
imcl.exe -input <PATH_TO_UNINSTALL_RESPONSE_FILE> -silent

Example:
imcl.exe -input "c:\sklminstall_windowsfp\SKLM_Uninstall_Win32_Resp.xml" -silent

Unix

Open a terminal.
Change to <IM_INSTALL_LOCATION>/eclipse/tools directory.
Execute the following command:
./imcl -input <PATH_TO_UNINSTALL_RESPONSE_FILE> -silent

Example:
./imcl -input /sklminstall_linuxfp/SKLM_Uninstall_Linux_Resp.xml -silent

Where:

<IM_INSTALL_LOCATION> refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files (x86)\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager”

<WAS_HOME> refers to installation root directory for WebSphere Application Server (WAS). Default value on Windows system is "c:\Program Files (x86)\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer

<WAS_ADMIN> refers to the ID for the WebSphere Application Server Administrator.

<WAS_PASSWORD> refers to the password for the WebSphere Application Server Administrator.

<PATH_TO_UNINSTALL_RESPONSE_FILE> refers to the uninstallation response file provided or bundled with the update installer.

<platform> refers to the Operating system where the fix pack is being installed / uninstalled. For example: SKLM_Uninstall_<platform>_Resp.xml on Linux would be SKLM_Uninstall_Linux_Resp.xml

List of Fixes and Features

New Features Provided by Version 2.5.0.8

Security vulnerabilities fixed

http://www.ibm.com/support/docview.wss?uid=swg21997799

New Features Provided by Version 2.5.0.3

Added Support for AES 256 Master Key

Added Support for AES 256 Backup Encryption

Added Support for Indicating Last Used Date for Key on Key Deletion Confirmation

Added Support for User Password Change from SKLM GUI

Added Support for Proof of Encryption

Added Syslog Support in Audit Logs

Added Pending Client Cert List REST Service

Added Pending Client Cert Accept REST Service

Added Pending Client Cert Reject REST Service

Added Support for Windows 2012 R2 Server Standard Edition

New Features Provided by Version 2.5.0.2

Added support for IBM_SYSTEM_X_SED

New Features Provided by Version 2.5.0.1

Added KMIP 1.2 Support

Added support for JSON and XML encodings

Fixes included in 2.5.0.10

Security vulnerabilities fixed in Fix Pack 2.5.0.10.
As a part of security vulnerability fix, 2.5.0.10 onwards all your data can only be saved under the "WAS_HOME/products/sklm/data" directory. Hence all your backup jars, replication backup jars, certificate & key export imports will be saved under WAS_HOME/products/sklm/data directory.

APAR fixes included in Fix Pack 8

APAR No.	Sev.	Abstract
IV88634	2	SKLM v2.5.0.6 - KMIP property Opaque Key Block has a size restriction of 175 bytes.

APAR fixes included in Fix Pack 7

APAR No.	Sev.	Abstract
IV79948	2	SETTING SESSION TIMEOUT VALUE TO NO TIMEOUT IN WAS CONSOLE PREVENTS SUCCESSFUL LOGIN TO SKLM GUI.
IV81143	2	AFTER APPLYING FIXPACK 6 UNABLE TO LOGING TO THE SKLM CONSOLE WHEN USING LDAP CREDENTIALS.
IV78075	2	VULNERABILITIES - CROSS-SITE SCRIPTING (XSS) AND CROSS-SITE REQUEST FORGERY (CSRF).

APAR fixes included in Fix Pack 6

APAR No.	Sev.	Abstract
IV78732	2	Error applying FP6 to SKLM 2.5 on RHEL 6, ERROR: An interim fix for the Java SDK is installed already.
IV74799	3	Security Vulnerability in IBM WebSphere Application Server Bundled with IBM Security Key Lifecycle Manager(CVE-2015-1920).
IV74815	3	Multiple vulnerabilities in IBM® Java SDK (April 2015 CPU) affect IBM Security Key Lifecycle Manager.
IV74820	3	Security vulnerability LOGJAM affect IBM Security Key Lifecycle Manager.
IV73961	3	Fix for SSL Freak/Bar Mitvah vulnerability found in SKLM 2.5.0.5
IV73940	3	Tripple DES key migrated from zOS EKM not working in SKLM 2.5
IV75243	3	Block weak ciphers with DES from supported Cipher list.

APAR fixes included in Fix Pack 5

APAR No.	Sev.	Abstract
IV72549	3	IBM SECURITY KEY LIFECYCLE MANAGER v2.5, WITH RC4 BAR MITZVAH VULNERABILITY FIX.

APAR fixes included in Fix Pack 4

APAR No.	Sev.	Abstract
IV71786	3	IBM SECURITY KEY LIFECYCLE MANAGER v2.5, WITH POODLE VULNERABILITY FIX.

APAR fixes included in Fix Pack 3

APAR No.	Sev.	Abstract
IV61442	2	REPEATED RESTORES FAILS WITH SQL2522N MORE THAN ONE BACKUP FILE MATCHES THE TIME STAMP VALUE PROVIDED FOR THE BACKED UP DATABASE IMAGE, AFTER A FAILED RESTORE
IV65134	2	SKLM 2.5 FP'S MESSED UP UNICODE CHARACTERS IN NON-EN LOCALE TO "??????" IN GUI
OA4599	2	SKLM AUTOBACKUP.BAT FAILS TO INTERPRET PATH IN TIPHOME

APAR fixes included in Fix Pack 2

APAR No.	Sev.	Abstract
IV60256	2	THIRD PARTY CERTIFICATE IS NOT IMPORTED/EXPORTED CORRECTLY
IV60262	2	DS5000 DEVICES REGISTERED KEYS ARE NOT SERVED
IV56472	2	LINUX NON-ROOT INSTALLATION REQUIRES AN SSL PORT GREATER THAN WELL KNOW PORTS 1023
IV56214	2	KMIP TRANSACTION FAILS AFTER UPGRADING TO 2.5 OF SKLM. SEE JAVA.LANG.NULLPOINTEREXCEPTIONIN DEBUG LOG
IV60265	2	INAPPROPRIATE ERROR MEESAGE RETURNED WHEN KMIP GET MESSAGE CONTAINS WRONG DEVICE GROUP
IV60270	2	CLI TKLMKMIPTEMPLATELIST IS NOT DISPLAYING THE REGISTERED KMIP TEMPLATE
IV60284	2	ADDING SYSTEM_X TO KLM
IV60290	2	SKLM UI GETTING LOGGED OUT
IV60406	2	SKLMV2.5 FIX PACK INSTALLATION FAILS WHEN INSTALLING AS NON ROOT ON LINUX SYSTEM
IV60407	2	DISABLE SSL WEAK AND MEDIUM CIPHER SUITES FOR KMIP
IV60412	2	NEWLY CREATED CERTIFICATE NOT SUPPORTING LEASETIME
IV60409	2	RECERTIFY() DIES IF A PKCS10 CERT REQUEST IS SUPPLIED
IV60410	2	GUI DOESN'T DISPLAY SECRETDATA OBJECT
IV60411	2	CANNOT PERFORM MODIFY OPERATION ON DS5000 DEVICES AND ITS FAMILIES.
IV60532	2	LEASETIME IS VALID ATTRIBUTE EVEN IF OBJECT STATE IS REVOKED OR REVOKED_COMPROMISED
IV60528	2	EVALUATE MAX_RESPONSE_SIZE IN TTLV TERMS
IV60931	2	SKLM V2.5 CONFIGURATION WITH LDAP FAILS

APAR fixes included in Fix Pack 1

APAR No.	Sev.	Abstract
IV55432	3	ON AIX PLATFORM RESTORE OPERATION FAILS DUE TO FILE PERMISSION ISSUE
IV55437	3	CERTIFICATE ASSOCIATED WITH JAG DEVICE CANNOT BE REMOVED
IV55446	3	ADDING A DEVICEGROUP FROM REST FOR DEVICEFAMILY GPFS FAILS
IV55447	3	WHEN WE LIST DEVICEGROUPS FROM REST/CLI IT DOES NOT LIST GPFS
IV55460	3	USING REST WHEN WE LIST DEVICEGROUPS FOR ANY TYPE IT DOES NOT LIST 2000 RECORDS
IV55472	3	REST SERVICE ATTRIBUTE NAME "ADDNEWCERTSTOPENDING" IS INCORRECTLY DISPLAYED AS "DEVICE.ADDNEWCERTSTOPENDING"
IV53802	3	THE SKLM V2.5 "SILENT INSTALL" METHOD REQUIRES ENCRYPTED PASSWORDS IN THE SKLM_RESPONSE FILE.
IV54751	1	SKLMADMIN GUI LOGIN GETS WHITE SCREEN USING IE9
IV54976	1	SECURITYKEYLIFECYCLEMANAGER_WAS.INIT FILE CONTAINS PASSWORD FOR WAS ADMIN'S USERID IN CLEAR TEXT ON LINUX SYSTEM
IV53766	2	INSTALL OF 2.5 FAILS WITH ERROR COMPLAINING ABOUT NOT ENOUGH SPACE IN FILE SYSTEM EVEN AFTER PREREQ CHECKING PASSED
IV54303	2	THE 2.5 DOCUMENTATION INCORRECTLY REFERENCES THE REPLICATION PROPERTIES FILE AS REPLICATIONSKLMGRCONFIG.PROPERTIES
IV55418	2	ECDSA ALGORITHM SHOULD NOT BE ALLOWED FOR 3592 OR DS8000 DEVICE GROUPS FROM REST INTERFACE

Copyright and trademark information

http://www.ibm.com/legal/copytrade.shtml

Notices

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Microsoft, Windows, and Windows Server are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.

THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION

The license agreement for this product refers you to this file for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. The relevant terms and conditions, notices and other information are provided or referenced below. Please note that any non-English version of the licenses below is unofficial and is provided to you for your convenience only. The English version of the licenses below, provided as part of the English version of this file, is the official version.

Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions:

· the Excluded Components are provided on an "AS IS" basis

· IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

· IBM will not be liable to you or indemnify you for any claims related to the Excluded Components

· IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components.

Document change history

Change Date	Reason	Modified by
23 August 2018	Create ReadMe for 2.5.0-ISS-SKLM-FP0010	AP
28 August 2018	Created Final Version of ReadMe for 2.5.0-ISS-SKLM-FP0010	AP

End of Document