IBM Security Key Lifecycle Manager Version 3.0.0 -- Distributed Platforms Fix Pack 2 README

Abstract

Readme documentation for IBM Security Key Lifecycle Manager for Distributed Platforms, Version 3.0.0 Fix Pack 2 including installation-related instructions, prerequisites and corequisites, and a list of fixes. All IBM Security Key Lifecycle Manager for Distributed Platforms fix packs are cumulative.

Fix pack publish date: 3 October 2018

Last modified date: 1 October 2018

Contents

Platform support
Download locations
Prerequisites and corequisites
Known issues
Known limitations

Installation information
Installing the IBM Security Key Lifecycle Manager fix pack
Prior to fix pack installation
Performing the necessary tasks after fix pack installation
Installing fix pack when IBM Security Key Lifecycle Manager Multi-Master environment is set up
Uninstalling the IBM Security Key Lifecycle Manager along with fix pack
List of fixes and features
General Data Protection Regulation (GDPR) - How to enable GDPR
Copyright and trademark information
Document change history

Platform support

IBM Security Key Lifecycle Manager, Version 3.0.0 platforms supported

AIX Version 7.1 64-bit

AIX Version 7.2 64-bit

Red Hat Enterprise Linux Version 6.7 x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 on x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 (System z) on x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 (PowerPC Little Endian (LE)) on x86 64-bit mode

SuSE Linux Enterprise Server Version 12 on x86 64-bit mode

SuSE Linux Enterprise Server Version 12 (System z) on x86 64-bit mode

Windows Server 2012 (64-bit mode for all Intel and AMD processors) Standard Edition

Windows Server 2012 R2 (64-bit mode for all Intel and AMD processors) Standard Edition

Windows Server 2016 (64-bit mode for all Intel and AMD processors) Standard Edition

For more information about supported operating systems, see IBM Security Key Lifecycle Manager Support Matrix.

IBM Security Key Lifecycle Manager Version 3.0.0 has been certified to run on the following virtual environments. The platform running within the virtual machine must be supported by the virtual platform server and Security Key Lifecycle Manager Version 3.0.0 (see "Platform support" table).

IBM Security Key Lifecycle Manager Version 3.0.0 virtual platforms supported

VMWare ESX Server Versions 5.5 and 6.5

Red Hat Enterprise Virtualization/Kernel-Based Virtual Machine (RHEV/KVM) Version 5.4

Download location

Download IBM Security Key Lifecycle Manager, Version 3.0.0 fix pack from IBM Fix Central

1. Go to IBM Fix Central home page: http://www.ibm.com/support/fixcentral/

2. For the Product Group, select "IBM Security"

3. For the Product, select "IBM Security Key Lifecycle Manager".

4. For Installed Version, select your system's appropriate version level, ie. 3.0.0.

5. For Platform, select the appropriate platform. Choose "Continue".

6. At the Identify Fixes page, select the "Browse for Fixes" radio button (default) and choose "Continue".

7. At the Select Fixes page, choose Fix Pack "3.0.0-ISS-SKLM-FP0002". Choose "Continue".

8. You might be prompted to "Sign In". If you do not have an ID, click on the "register now" link and follow the registration steps as appropriate.

9. At the Download Options page, choose a download method (default is "Download using Download Director").

10. Select the associated files and README for Fix Pack 3.0.0-ISS-SKLM-FP0002 and select "Download now".

Platforms updated by this Fix Pack

Product/Component Name	Platform	File Name
IBM Security Key Lifecycle Manager version 3.0.0 Fix Pack - 3.0.0-ISS-SKLM-FP0002	AIX	3.0.0-ISS-SKLM-FP0002-AIX.tar.gz
IBM Security Key Lifecycle Manager version 3.0.0 Fix Pack - 3.0.0-ISS-SKLM-FP0002	Linux	3.0.0-ISS-SKLM-FP0002-Linux.tar.gz
IBM Security Key Lifecycle Manager version 3.0.0 Fix Pack - 3.0.0-ISS-SKLM-FP0002	zLinux (System z)	3.0.0-ISS-SKLM-FP0002-zLinux.tar.gz
IBM Security Key Lifecycle Manager version 3.0.0 Fix Pack - 3.0.0-ISS-SKLM-FP0002	Linux PPC	3.0.0-ISS-SKLM-FP0002-LinuxPPC.tar.gz
IBM Security Key Lifecycle Manager version 3.0.0 Fix Pack - 3.0.0-ISS-SKLM-FP0002	Windows	3.0.0-ISS-SKLM-FP0002-Windows.zip

For current version 3.0.0 installations: This fix pack can be installed on systems with IBM Security Key Lifecycle Manager, Version 3.0.0 GA.

Prerequisites and corequisites

IBM Security Key Lifecycle Manager, Version 3.0.0 GA and 3.0.0.1

Known issues

IBM Security Key Lifecycle Manager installation fails on Red Hat Enterprise Linux, Version 6.7.

Installation of IBM Security Key Lifecycle Manager, Version 3.0 halts during IBM WebSphere Application Server profile creation process and goes into irrecoverable state.

To install IBM Security Key Lifecycle Manager, Version 3.0 on Red Hat Enterprise Linux, Version 6.7. follow the steps given in technote before you start with the SKLM installation. http://www-01.ibm.com/support/docview.wss?uid=swg21975886

While installing IBM Security Key Lifecycle Manager 3.0.0.2, the panel to validate the password has the "Validate Credentials" button enabled, even without entering the Database password.

Users can safely ignore this, enter all the passwords and then click on validate Credentials button.

In some cases on deleting a master from the Multi-Master setup, you might see the DB2 HADR status might appear as RED in the UI but this is only UI based error and underlying HADR functionality is active. To verify if HADR is working fine user can execute the db2pd command to check the HADR status. db2pd command needds to be executed as a DB administrator / instance user.

Usage :
db2pd -d -hadr
Example: db2pd -d sklmdb30 -hadr

Regular restore of data from one IBM Security Key Lifecycle Manager server configured with HSM to another IBM Security Key Lifecycle Manager server (different Operating system than source) configured with same HSM fails.

Known limitations

Rollback of installed fix pack is not supported.

Installing the IBM Security Key Lifecycle Manager fix pack

Prior to fix pack installation

1. Ensure that IBM Security Key Lifecycle Manager is not in use before installing the fix pack. If your facility has a "service maintenance outage" process, consider installing this fix pack during an arranged service outage.

2. A backup of your IBM Security Key Lifecycle Manager server should be performed prior to installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.

Backup WebSphere Application Server files on Windows operating system

Instruction	Command
Open a command prompt.	Click the Start button, click Run, type cmd, and click the OK button.
Stop WebSphere Application Server.	<WAS_HOME>\bin\stopServer.bat server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>
Make a temporary directory.	mkdir <WAS_BACKUP_DIRECTORY> Example: mkdir c:\wasbackup
Change to the temporary directory.	cd c:\wasbackup
Copy the files from the directory where WebSphere Application Server is installed.	xcopy /y /e /d <WAS_HOME> c:\wasbackup
Start WebSphere Application Server.	<WAS_HOME>\bin\startServer.bat server1 Where: <WAS_HOME> is the directory where WebSphere Application Server is installed (default:C:\Program Files\IBM\WebSphere\AppServer).

Backup WebSphere Application Server files on AIX and Linux operating systems

Instruction	Command
Open a ksh or bash shell.	If your default shell is not ksh or bash, run "exec ksh" or "exec bash".
Stop WebSphere Application Server.	<WAS_HOME>/bin/stopServer.sh server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>
Make a temporary directory.	mkdir <WAS_BACKUP_DIRECTORY> Example: mkdir /tmp/wasbackup
Change to the temporary directory.	cd /tmp/wasbackup
Archive the files from the directory where WebSphere Application Server is installed.	tar -cvf wasbackup.tar <WAS_HOME>/*
Start WebSphere Application Server.	<WAS_HOME>/bin/startServer.sh server1 Where: <WAS_HOME> is the directory where WebSphere Application Server is installed (default: /opt/IBM/WebSphere/AppServer).

Before fix pack installation

Instruction	Steps
Make a repository directory.	Open a command prompt. Make a repository, i.e. a directory where you extract the update installer. Windows Default repository directory is C:\sklminstall_windowsfp mkdir C:\sklminstall_windowsfp Unix Default repository directory is /sklminstall_linuxfp mkdir /sklminstall_linuxfp
Change directory to the directory created.	Windows cd C:\sklminstall_windowsfp Unix cd /sklminstall_linuxfp
Download the fix pack into the repository directory.	Link to fix pack download table
Extract the downloaded file.	Windows Extract the downloaded file: 3.0.0-ISS-SKLM-FP0002-Windows.zip Unix Extract the downloaded file: 3.0.0-ISS-SKLM-FP0002-Linux.tar.gz

Steps for installing fix pack for IBM Security Key Lifecycle Manager, Version 3.0.0 on Windows and Unix operating systems in GUI mode

Instruction	Steps
Stop WebSphere Application Server, update Java SDK, and then start Installation Manager in GUI mode.	Windows Open a command window, and change to the repository directory. Example: C:\sklminstall_windowsfp Run the following command. updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: updateSKLM.bat "c:\Program Files\IBM\Installation Manager" "c:\Program Files\IBM\WebSphere\AppServer" wasadmin wasadminpwd Unix Open a command window, and change to the repository directory. Example: /sklminstall_linuxfp Run the following commands. chmod +x ./updateSKLM.sh ./updateSKLM.sh <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd Where: <IM_INSTALL_LOCATION> refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager” <WAS_HOME> refers to installation root directory for WebSphere Application Server (WAS). Default value on Windows system is "c:\Program Files\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer <WAS_ADMIN> refers to the ID for the WebSphere Application Server Administrator. <WAS_PASSWORD> refers to the password for the WebSphere Application Server Administrator.
Select the IBM Security Key Lifecycle Manager, Version 3.0 software package group.	1. Select the base offering software package group (IBM Security Key Lifecycle Manager, Version 3.0). 2. Click Next. 3. In the Update Packages updates panel, select Version 3.0.0.2, and click Next.
Provide credentials for WebSphere Application Server admin user (default: wasadmin) SKLM admin user (default: SKLMAdmin) and DB2 user (default: sklmdb30).	In the Update Packages Configuration for IBM Security Key Lifecycle Manager v3.0.0.2 panel: Enter Username and Password for Application Server Administrator. Enter Username and Password for IBM Security Key Lifecycle Manager Application Administrator. Enter Username and Password for IBM DB2 user. Click the Validate Credentials button. Validation might take few minutes, wait till the Next button is enabled. Click Next.
Click the Update button.	In the Update Packages > Summary panel, review the software packages that you want to install and click Update. After Installation Manager successfully updates the fix pack for the services that you select, a message is displayed.

Steps for installing a fix pack for IBM Security Key Lifecycle Manager, Version 3.0.0 on Windows and Unix operating systems in silent mode

Instruction	Steps
Installation Manager utility to encrypt the passwords for users as required.	Open a command window. Change to the <IM_INSTALL_LOCATION>/eclipse/tools directory. Windows Run the following command to generate an encrypted password: imcl.exe encryptString <password_to_encrypt> Unix Run the following command to generate an encrypted password: ./imcl encryptString <password_to_encrypt>
Make a backup of the response file.	Create a backup of original response file SKLM_Silent_Update_<platform>_Resp.xml by renaming it. For example: SKLM_Silent_Update_<platform>_Resp_original.xml This file will be located in the sklm sub-folder under the repository directory where fix pack is extracted.
Edit the response file.	Windows Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml". Edit the repository location to point to current location of installables. (Sample: <repository location='C:\sklminstall_windowsfp\sklm'/>) Edit WASAdmin username and password (Password need to be encrypted). (Sample: <data key='user.WAS_ADMIN_ID,com.ibm.sklm30.win>value='wasadmin'/> <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm30.win>value='e9PjN93MeQxwnSs9VXJFMw=='/>) Edit SKLMAdmin username and password (Password need to be encrypted). (Sample: <data key='user.SKLM_ADMIN_ID,com.ibm.sklm30.win>value='SKLMAdmin'/> <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm30.win>value='9YTRJMRIydDSdfhaHPs1ag=='/>) Edit DB user username and password (Password need to be encrypted). (Sample: <data key='user.DB2_ADMIN_PWD,com.ibm.sklm30.db2.win.ofng' value='sklmdb30'/> <datadata key='user.CONFIRM_PASSWORD,com.ibm.sklm30.db2.win.ofng' value='QTh/0AiFvrljhs9gnOYkGA=='/>) Unix Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml". Edit the repository location to point to current location of installables. (Sample for Linux:<repository location='/sklminstall_linuxfp/sklm'/>) Edit WASAdmin username and password (Password need to be encrypted). (Sample: <data key='user.WAS_ADMIN_ID,com.ibm.sklm30.linux>value='wasadmin'/> <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.Linux>value='e9PjN93MeQxwnSs9VXJFMw=='/>) Edit SKLMAdmin username and password (Password need to be encrypted). (Sample: <data key='user.SKLM_ADMIN_ID,com.ibm.sklm30.linux>value='SKLMAdmin'/> <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm30.linux>value='9YTRJMRIydDSdfhaHPs1ag=='/>) Edit DB user username and password (Password need to be encrypted). (Sample: <data key='user.DB2_ADMIN_ID,com.ibm.sklm30.db2.lin.ofng' value='sklmdb30'/> <data key='user.DB2_ADMIN_PWD,com.ibm.sklm30.db2.lin.ofng' value='QTh/0AiFvrljhs9gnOYkGA=='/>)
Install the fix pack.	Windows Open a command window, and change to the repository directory. Example: C:\sklminstall_windowsfp Run the following command: silent_updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: silent_updateSKLM.bat "c:\Program Files\IBM\Installation Manager" "c:\Program Files \IBM\WebSphere\AppServer" wasadmin wasadminpwd Unix Open a command window, and change to the repository directory. Example: /sklminstall_linuxfp Run the following commands: chmod +x ./silent_updateSKLM.sh ./silent_updateSKLM.sh <IM_INSTALL_LOCATION > <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD> Example: ./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd. Where: IM_INSTALL_LOCATION refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager” <WAS_HOME> refers to installation root directory for WebSphere Application Server. Default value on Windows system is "c:\Program Files\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer WAS_ADMIN refers to the ID for the WebSphere Application Server Administrator. WAS_PASSWORD refers to the password for the WebSphere Application Server Administrator.
Check logs for fix pack installation success.	View the log file output produced for successful fix pack installation. Log files are located at: <Installation_Manager_Home>/logs/native

Performing the necessary tasks after fix pack installation

1. Verify Installation - Run the wsadmin AdminTask.tklmVersionInfo() command.

Unix users:

Open a shell (ksh or bash).

Type: cd <WAS_HOME>/bin/

Type: ./wsadmin.sh -lang jython -username <sklmadminUserID> -password <sklmadminPassword>
Example: ./wsadmin.sh -lang jython -username sklmadmin -password sklmpassword

At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

Windows users:

Open a command prompt.

Type: cd <WAS_HOME>\bin

wsadmin -lang jython -username <sklmadminUserID> -password <sklmadminPassword>

Example: wsadmin.bat -lang jython -username sklmadmin -password sklmpassword
At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

Check the output of the tklmVersionInfo command:

IBM Security Key Lifecycle Manager Version = 3.0.0.2

IBM Security Key Lifecycle Manager Build Level = 201810011109

WebSphere Application Server Version = 9.0.0.5

DB2 Version = 11.1.2.2

Java Version = JRE 1.8.0_144 IBM J9 VM 2.9

Operating System Version = Linux:3.10.0-327.el7.x86_64:amd64

You can also view the detailed server information such as version number of IBM Security Key Lifecycle Manager, DB2, Java, and WebSphere Application Server through GUI.

Log on to the graphical user interface.

On the welcome page header bar, click the Help icon.

Click About.

2. A backup of your IBM Security Key Lifecycle Manager server must be performed after installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.

Installing fix pack when IBM Security Key Lifecycle Manager Multi-Master environment is set up

Before you begin with fix pack install

Check the states of the server, if the MM setup is not in the real state or the original state then we need to change the following property in SKLMConfig.properties:
multimasterRole
This needs to be changed to their current respective role, i.e if STANDBY is promoted to PRIMARY then the property should be updated accordingly.

Steps:

Stop WebSphere Application Server on all masters in the multi-master cluster. You can stop WebSphere Application Server on the masters (Primary, Standby, or non-HADR masters) in any sequence.

Open a command prompt.

Go to the <WAS_HOME>\bin directory.
Windows
C:\Program Files\IBM\WebSphere\AppServer\bin

Linux
/opt/IBM/WebSphere/AppServer/bin
Stop the server.
Windows
stopServer.bat server1 -username <wasadmin> -password <mypwd>

Linux
./stopServer.sh server1 -username <wasadmin> -password <mypwd>

Stop Agent on all masters in the multi-master cluster. You can stop Agent on the masters (Primary, Standby, or non-HADR masters) in any sequence.

Open a command prompt.

Go to the <SKLM_INSTALL_HOME>\agent directory.

Windows
C:\Program Files\IBM\SKLMV30\agent

Linux
/opt/IBM/SKLMV30/agent
Stop the Agent.

Windows
stopAgent.bat <WAS_HOME>
stopAgent.bat "C:\Program Files\IBM\WebSphere\AppServer"

Linux
./stopAgent.sh <WAS_HOME>
./stopAgent.sh /opt/IBM/WebSphere/AppServer

Apply fix pack on the HADR primary master.

After the fix pack installation, run the following verification tasks:

Login to IBM Security Key Lifecycle Manager and check the version number.
Ensure that the HADR primary master is running and available for use.

Apply fix pack on the HADR standby master.

After the fix pack installation, run the following verification tasks:

Login to IBM Security Key Lifecycle Manager and check the version number.
Ensure that the HADR standby master is running and available for use.

Apply fix pack on all the non-HADR masters.

After the fix pack installation, run the following verification tasks:

Login to IBM Security Key Lifecycle Manager and check the version number.
Ensure that all the non-HADR masters are running and available for use.

Uninstalling the IBM Security Key Lifecycle Manager along with fix pack

Note: This will uninstall the entire product package i.e. IBM Security Key Lifecycle Manager, IBM DB2 and WebSphere Application Server, and all your data will be lost. Please take backup before uninstalling.

Steps for uninstalling IBM Security Key Lifecycle Manager version 3.0.0 along with fix pack on Windows and Unix operating systems in GUI mode

Instruction

Steps

Before you begin.

Stop WebSphere Application Server before you uninstall IBM Security Key Lifecycle Manager.

Start uninstalling the IBM Security Key Lifecycle Manager in GUI mode.

Windows

Browse to <IM_INSTALL_LOCATION>\eclipse and double-click IBMIM to start IBM Installation Manager in GUI mode.
In IBM Installation Manager, click Uninstall. The Uninstall Packages window opens.
Select the check boxes to uninstall IBM Security Key Lifecycle Manager, DB2, and the WebSphere Application Server.
Click Next. Type the WebSphere Application Server Administrator user ID and the password.
Click Next. The Summary panel window opens.
Review the software packages to be uninstalled and their installation directories; click Uninstall.

Unix

Browse to <IM_INSTALL_LOCATION>/eclipse and run IBMIM.
In IBM Installation Manager, click Uninstall. The Uninstall Packages window opens.
Select the check boxes to uninstall IBM Security Key Lifecycle Manager, DB2, and the WebSphere Application Server.
Click Next. Type the WebSphere Application Server Administrator user ID and the password.
Click Next. The summary panel opens.
Review the software packages to be uninstalled and their installation directories.
Click Uninstall.

Steps for uninstalling IBM Security Key Lifecycle Manager version 3.0.0 along with fix pack on Windows and Unix operating systems in silent mode

Instruction

Steps

Go to the repository directory.

1. Go to the repository directory
Example:
Windows: c:\sklminstall_windowsfp
Linux: /sklminstall_linuxfp

2. Backup the original response file SKLM_Uninstall_<platform>_Resp.xml by renaming it to SKLM_Uninstall_<platform>_Resp_original.xml

3. Edit the silent response file "SKLM_Uninstall_<platform>_Resp.xml".
Edit WASAdmin username and password (password need to be encrypted).
Windows:
(Sample:
<data key='user.WAS_ADMIN_ID,com.ibm.sklm30.win' value='wasadmin'/>
<data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm30.win' value='e9PjN93MeQxwnSs9VXJFMw==>)
Unix:
(Sample:
<data key='user.WAS_ADMIN_ID,com.ibm.sklm30.linux' value='wasadmin'/>
<data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm30.linux' value='e9PjN93MeQxwnSs9VXJFMw=='/>

Start uninstalling IBM Security Key Lifecycle Manager in silent mode.

Windows

Open a command prompt.
Change to <IM_INSTALL_LOCATION>\eclipse\tools directory.
Execute the following command:
imcl.exe -input <PATH_TO_UNINSTALL_RESPONSE_FILE> -silent

Example:
imcl.exe -input "c:\sklminstall_windowsfp\SKLM_Uninstall_Win32_Resp.xml" -silent

Unix

Open terminal.
Change to <IM_INSTALL_LOCATION>/eclipse/tools directory.
Execute the following command:
./imcl -input <PATH_TO_UNINSTALL_RESPONSE_FILE> -silent

Example:
./imcl -input /sklminstall_linuxfp/SKLM_Uninstall_Linux_Resp.xml -silent

Where:

<IM_INSTALL_LOCATION> refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager”

<PATH_TO_UNINSTALL_RESPONSE_FILE> refers to the uninstallation response file provided or bundled with the update installer.

<platform> refers to the operating system where the fix pack is being installed / uninstalled. For example: SKLM_Uninstall_<platform>_Resp.xml on Linux would be SKLM_Uninstall_Linux_Resp.xml

List of fixes and features

New Features Provided by Version 3.0.0.2

Added support for PEER_TO_PEER device group.
https://www-01.ibm.com/support/docview.wss?uid=ibm10733805

New Features Provided by Version 3.0.0.1

Enabled write capability on a IBM Security Key Lifecycle Manager master server, which is isolated from the Multi-Master setup.

Added support for KMIP 2.0, and made enhancements to the KMIP 1.4 support.

IBM Security Key Lifecycle Manager is now General Data Protection Regulation (GDPR) compliant.

Regular backups from IBM Security Key Lifecycle Manager v2.6 and v2.7 can be restored on v3.0.0.1

APAR fixes included in Fix Pack 2

APAR No.	Sev.	Abstract
IJ04428	3	HELP CONTENT DOES NOT APPEAR ON INTERNET EXPLORER.
IJ05708	3	MIGRATION RESTORE FAILS WITH JAVA.LANG.ILLEGALARGUMENTEXCEPTION:CAN NOT SET JAVA.LANG.STRING FIELD.
IJ07781	3	CROSS MIGRATION OF SKLM WITH HSM TO V3.0 SKLM WITH HSM IS FAILING.
IJ08572	3	GUI BUTTON CHANGES BACK TO 'STARTING THE REPLICATION SERVER' STATUS IN REPLICATION PAGE.

APAR fixes included in Fix Pack 1

APAR No.	Sev.	Abstract
IJ05547	3	3RD PARTY CERTIFICATE FAILS TO BE IMPORTED WITH MULTI-MASTER ERRORS.
IJ04715	3	THE STEP OF ADDING THE ENCRYPTED PASSWORD INTO THE RESPONSE FILE IS MISSING IN THE PROCEDURE OF UNINSTALLING IN SILENT MODE.

General Data Protection Regulation (GDPR) - How to enable GDPR

As per the instructions from EU (European Union) on GDPR, Log Sanitization is taken up and implemented in SKLM v3.0.0.1. Under this, sensitive (e.g. hostname / certificate issuer name) and confidential (e.g. SQL parameters) data are to be masked from getting printed into the logs.

How to Enable GDPR

After applying FP01 on SKLM v3.0 GA, GDPR will by default be disabled.
To enable, the below flag has to be set to true in SKLMConfig.properties file.
displaySecretTags = true

Copyright and trademark information

http://www.ibm.com/legal/copytrade.shtml

Notices

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Microsoft, Windows, and Windows Server are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.

THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION

The license agreement for this product refers you to this file for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. The relevant terms and conditions, notices and other information are provided or referenced below. Please note that any non-English version of the licenses below is unofficial and is provided to you for your convenience only. The English version of the licenses below, provided as part of the English version of this file, is the official version.

Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions:

the Excluded Components are provided on an "AS IS" basis
IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
IBM will not be liable to you or indemnify you for any claims related to the Excluded Components
IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components.

Document change history

Change Date	Reason	Modified by
11 September 2018	Created initial draft for 3.0.0-ISS-SKLM-FP0002	AP
3 October 2018	Created final draft for 3.0.0-ISS-SKLM-FP0002	AP

End of Document