IBM Security Key Lifecycle Manager Version 3.0.1 -- Distributed Platforms Fix Pack 3 README


Abstract

Readme documentation for IBM Security Key Lifecycle Manager for Distributed Platforms, Version 3.0.1 Fix Pack 3 including installation-related instructions, prerequisites and corequisites, and a list of fixes.  All IBM Security Key Lifecycle Manager for Distributed Platforms fix packs are cumulative.  

Fix pack publish date: 22 October 2019

Last modified date: 18 October 2019


Contents

Platform support
Download locations
Prerequisites and corequisites
Known limitations

Installation information
Installing the IBM Security Key Lifecycle Manager fix pack
Prior to fix pack installation
Performing the necessary tasks after fix pack installation
Installing fix pack when IBM Security Key Lifecycle Manager Multi-Master environment is set up
Uninstalling the IBM Security Key Lifecycle Manager along with fix pack
List of fixes and features
Copyright and trademark information
Document change history


Platform support

IBM Security Key Lifecycle Manager, Version 3.0.1 platforms supported

AIX Version 7.1 64-bit

AIX Version 7.2 64-bit

Red Hat Enterprise Linux Version 6.7 x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 - 7.6 on x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 (System z) on x86 64-bit mode

Red Hat Enterprise Linux Version 7.1 (PowerPC Little Endian (LE)) on x86 64-bit mode

SuSE Linux Enterprise Server Version 12 SP3 on x86 64-bit mode

SuSE Linux Enterprise Server Version 12 SP3 (System z) on x86 64-bit mode

Ubuntu 16 x86_64

Windows Server 2012 (64-bit mode for all Intel and AMD processors) Standard Edition

Windows Server 2012 R2 (64-bit mode for all Intel and AMD processors) Standard Edition

Windows Server 2016 (64-bit mode for all Intel and AMD processors) Standard Edition

For more information about supported operating systems, see IBM Security Key Lifecycle Manager Support Matrix.

IBM Security Key Lifecycle Manager Version 3.0.1 has been certified to run on the following virtual environments. The platform running within the virtual machine must be supported by the virtual platform server and Security Key Lifecycle Manager Version 3.0.1 (see "Platform support" table).

IBM Security Key Lifecycle Manager Version 3.0.1 virtual platforms supported

VMWare ESX Server Versions 6.0 and 6.5

 

Download location

Download IBM Security Key Lifecycle Manager, Version 3.0.1 fix pack from IBM Fix Central

1.      Go to IBM Fix Central home page: http://www.ibm.com/support/fixcentral/

2.      For the Product Group, select "Security Systems"

3.      For the Product, select "IBM Security Key Lifecycle Manager".

4.      For Installed Version, select your system's appropriate version level, ie. 3.0.1.

5.      For Platform, select the appropriate platform. Choose "Continue".

6.      At the Identify Fixes page, select the "Browse for Fixes" radio button (default) and choose "Continue".

7.      At the Select Fixes page, choose Fix Pack "3.0.1-ISS-SKLM-FP0003". Choose "Continue".

8.      You might be prompted to "Sign In".  If you do not have an ID, click on the "register now" link and follow the registration steps as appropriate.

9.      At the Download Options page, choose a download method (default is "Download using Download Director").

10.  Select the associated files and README for Fix Pack 3.0.1-ISS-SKLM-FP0003 and select "Download now".

Platforms updated by this Fix Pack

Product/Component Name

Platform

File Name

IBM Security Key Lifecycle Manager version 3.0.1 Fix Pack - 3.0.1-ISS-SKLM-FP0003

AIX

3.0.1-ISS-SKLM-FP0003-AIX.tar.gz

IBM Security Key Lifecycle Manager version 3.0.1 Fix Pack - 3.0.1-ISS-SKLM-FP0003

Linux

3.0.1-ISS-SKLM-FP0003-Linux.tar.gz

IBM Security Key Lifecycle Manager version 3.0.1 Fix Pack - 3.0.1-ISS-SKLM-FP0003

zLinux (System z)

3.0.1-ISS-SKLM-FP0003-zLinux.tar.gz

IBM Security Key Lifecycle Manager version 3.0.1 Fix Pack - 3.0.1-ISS-SKLM-FP0003

Linux PPC

3.0.1-ISS-SKLM-FP0003-LinuxPPC.tar.gz

IBM Security Key Lifecycle Manager version 3.0.1 Fix Pack - 3.0.1-ISS-SKLM-FP0003

Windows

3.0.1-ISS-SKLM-FP0003-Windows.zip

For current version 3.0.1 installations: This fix pack can be installed on systems with IBM Security Key Lifecycle Manager, Version 3.0.1 GA or 3.0.1 fix pack 1 or 3.0.1 fix pack 2.

 

Prerequisites and corequisites

IBM Security Key Lifecycle Manager, Version 3.0.1 GA or 3.0.1 fix pack 1 or 3.0.1 fix pack 2.

Known limitations

Installing the IBM Security Key Lifecycle Manager fix pack

Prior to fix pack installation

1.      Ensure that IBM Security Key Lifecycle Manager is not in use before installing the fix pack. If your facility has a "service maintenance outage" process, consider installing this fix pack during an arranged service outage.

2.      A backup of your IBM Security Key Lifecycle Manager server should be performed prior to installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.

Backup WebSphere Application Server files on Windows operating system

Instruction

Command

Open a command prompt.

Click the Start button, click Run, type cmd, and click the OK button.

Stop WebSphere Application Server.

<WAS_HOME>\bin\stopServer.bat server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>

Make a temporary directory.

mkdir <WAS_BACKUP_DIRECTORY>
Example: mkdir c:\wasbackup

Change to the temporary directory.

cd c:\wasbackup

Copy the files from the directory where WebSphere Application Server is installed.

xcopy /y /e /d <WAS_HOME> c:\wasbackup

Start WebSphere Application Server.

<WAS_HOME>\bin\startServer.bat server1
Where:
<WAS_HOME> is the directory where WebSphere Application Server is installed
(default:C:\Program Files\IBM\WebSphere\AppServer).

 

Backup WebSphere Application Server files on AIX and Linux operating systems

Instruction

Command

Open a ksh or bash shell.

If your default shell is not ksh or bash, run "exec ksh" or "exec bash".

Stop WebSphere Application Server.

<WAS_HOME>/bin/stopServer.sh server1 -username <WAS_ADMIN> -password <WAS_PASSWORD>

Make a temporary directory.

mkdir <WAS_BACKUP_DIRECTORY>
Example: mkdir /tmp/wasbackup

Change to the temporary directory.

cd /tmp/wasbackup

Archive the files from the directory where WebSphere Application Server is installed.

tar -cvf wasbackup.tar <WAS_HOME>/*

Start WebSphere Application Server.

<WAS_HOME>/bin/startServer.sh server1
Where:
<WAS_HOME> is the directory where WebSphere Application Server is installed (default: /opt/IBM/WebSphere/AppServer).

 

Before fix pack installation

Instruction

Steps

Make a repository directory.

  1. Open a command prompt.
  2. Make a repository, i.e. a directory where you extract the update installer.

Windows

Default repository directory is C:\sklminstall_windowsfp
mkdir C:\sklminstall_windowsfp

Unix

Default repository directory is /sklminstall_linuxfp
mkdir /sklminstall_linuxfp

Change directory to the directory created.

Windows

cd C:\sklminstall_windowsfp

Unix

cd /sklminstall_linuxfp

Download the fix pack into the repository directory.

Link to fix pack download table

Extract the downloaded file.

Windows

Extract the downloaded file: 3.0.1-ISS-SKLM-FP0003-Windows.zip

Unix

Extract the downloaded file: 3.0.1-ISS-SKLM-FP0003-Linux.tar.gz

 

Steps for installing fix pack for IBM Security Key Lifecycle Manager, Version 3.0.1 on Windows and Unix operating systems in GUI mode

Instruction

Steps

Stop WebSphere Application Server, update Java SDK, and then start Installation Manager in GUI mode.

Windows

  1. Open a command window, and change to the repository directory. Example:
    C:\sklminstall_windowsfp
  2. Run the following command.
    updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD>

Example:
updateSKLM.bat "c:\Program Files\IBM\Installation Manager" "c:\Program Files\IBM\WebSphere\AppServer" wasadmin wasadminpwd

Unix

  1. Open a command window, and change to the repository directory. Example: /sklminstall_linuxfp
  2. Run the following commands.

chmod +x ./updateSKLM.sh

./updateSKLM.sh <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD>

Example:
updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd

Where:

<IM_INSTALL_LOCATION> refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager”

<WAS_HOME> refers to installation root directory for WebSphere Application Server (WAS). Default value on Windows system is "c:\Program Files\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer

<WAS_ADMIN> refers to the ID for the WebSphere Application Server Administrator.

<WAS_PASSWORD> refers to the password for the WebSphere Application Server Administrator.

Select the IBM Security Key Lifecycle Manager, Version 3.0.1 software package group.

1.      Select the base offering software package group (IBM Security Key Lifecycle Manager, Version 3.0.1).

2.      Click Next.

3.      In the Update Packages updates panel, select Version 3.0.1.3, and click Next.

Provide credentials for
WebSphere Application Server admin user
(default: wasadmin)
SKLM admin user
(default: SKLMAdmin) and DB2 user
(default: sklmdb30).

  1. In the Update Packages Configuration for IBM Security Key Lifecycle Manager v3.0.1.3 panel:
    • Enter Username and Password for Application Server Administrator.
    • Enter Username and Password for IBM Security Key Lifecycle Manager Application Administrator.
    • Enter Username and Password for IBM DB2 user.
  2. Click the Validate Credentials button.
    Validation might take few minutes, wait till the Next button is enabled.
  3. Click Next.

Click the Update button.

In the Update Packages > Summary panel, review the software packages that you want to install and click Update.
After Installation Manager successfully updates the fix pack for the services that you select, a message is displayed.

 

Steps for installing a fix pack for IBM Security Key Lifecycle Manager, Version 3.0.1 on Windows and Unix operating systems in silent mode

Instruction

Steps

Installation Manager utility to encrypt the passwords for users as required.

  1. Open a command window.
  2. Change to the <IM_INSTALL_LOCATION>/eclipse/tools directory.

Windows

Run the following command to generate an encrypted password:
imcl.exe encryptString <password_to_encrypt>

Unix

Run the following command to generate an encrypted password:
./imcl encryptString <password_to_encrypt>

Make a backup of the response file.

Create a backup of original response file SKLM_Silent_Update_<platform>_Resp.xml by renaming it.
For example: SKLM_Silent_Update_<platform>_Resp_original.xml

This file will be located in the sklm sub-folder under the repository directory where fix pack is extracted.

Edit the response file.

Windows

Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml".

  1. Edit the repository location to point to current location of installables.
    (Sample:
    <repository location='C:\sklminstall_windowsfp\sklm'/>)
  2. Edit WASAdmin username and password (Password need to be encrypted).
    (Sample:
    <data key='user.WAS_ADMIN_ID,com.ibm.sklm301.win>value='wasadmin'/>
    <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm301.win>value='e9PjN93MeQxwnSs9VXJFMw=='/>)
  3. Edit SKLMAdmin username and password (Password need to be encrypted).
    (Sample:
    <data key='user.SKLM_ADMIN_ID,com.ibm.sklm301.win>value='SKLMAdmin'/>
    <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm301.win>value='9YTRJMRIydDSdfhaHPs1ag=='/>)
  4. Edit DB user username and password (Password need to be encrypted).
    (Sample:
    <data key='user.DB2_ADMIN_PWD,com.ibm.sklm301.db2.win.ofng' value='sklmdb30'/>
    <datadata key='user.CONFIRM_PASSWORD,com.ibm.sklm301.db2.win.ofng' value='QTh/0AiFvrljhs9gnOYkGA=='/>)

Unix

Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml".

  1. Edit the repository location to point to current location of installables.
    (Sample for Linux:<repository location='/sklminstall_linuxfp/sklm'/>)
  2. Edit WASAdmin username and password (Password need to be encrypted).
    (Sample:
    <data key='user.WAS_ADMIN_ID,com.ibm.sklm301.linux>value='wasadmin'/>
    <data key='user.WAS_ADMIN_PASSWORD,com.ibm.sklm.Linux>value='e9PjN93MeQxwnSs9VXJFMw=='/>)
  3. Edit SKLMAdmin username and password (Password need to be encrypted).
    (Sample:
    <data key='user.SKLM_ADMIN_ID,com.ibm.sklm301.linux>value='SKLMAdmin'/>
    <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.sklm301.linux>value='9YTRJMRIydDSdfhaHPs1ag=='/>)
  4. Edit DB user username and password (Password need to be encrypted).
    (Sample:
    <data key='user.DB2_ADMIN_ID,com.ibm.sklm301.db2.lin.ofng' value='sklmdb30'/>
    <data key='user.DB2_ADMIN_PWD,com.ibm.sklm301.db2.lin.ofng' value='QTh/0AiFvrljhs9gnOYkGA=='/>)

Install the fix pack.

Windows

  1. Open a command window, and change to the repository directory.

Example: C:\sklminstall_windowsfp

  1. Run the following command:

silent_updateSKLM.bat <IM_INSTALL_LOCATION> <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD>

Example:

silent_updateSKLM.bat "c:\Program Files\IBM\Installation Manager" "c:\Program Files \IBM\WebSphere\AppServer" wasadmin wasadminpwd

Unix

  1. Open a command window, and change to the repository directory.

Example: /sklminstall_linuxfp

  1. Run the following commands:

chmod +x ./silent_updateSKLM.sh

./silent_updateSKLM.sh <IM_INSTALL_LOCATION > <WAS_HOME> <WAS_ADMIN> <WAS_PASSWORD>

Example:

./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd.

Where:

IM_INSTALL_LOCATION refers to the installation root directory for IBM Installation Manager. Default value on Windows system is “c:\Program Files\IBM\Installation Manager”. For Linux system: “/opt/IBM/InstallationManager”

<WAS_HOME> refers to installation root directory for WebSphere Application Server. Default value on Windows system is "c:\Program Files\IBM\WebSphere\AppServer". For Linux system: /opt/IBM/WebSphere/AppServer

WAS_ADMIN refers to the ID for the WebSphere Application Server Administrator.

WAS_PASSWORD refers to the password for the WebSphere Application Server Administrator.

Check logs for fix pack installation success.

View the log file output produced for successful fix pack installation.
Log files are located at: <Installation_Manager_Home>/logs/native



  Performing the necessary tasks after fix pack installation

1.      Verify Installation - Run the wsadmin AdminTask.tklmVersionInfo() command.

Unix users:

  1. Open a shell (ksh or bash).

  2. Type: cd <WAS_HOME>/bin/

    Type: ./wsadmin.sh -lang jython -username <sklmadminUserID> -password <sklmadminPassword>

    Example: ./wsadmin.sh -lang jython -username sklmadmin -password sklmpassword

  3. At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

Windows users:

  1. Open a command prompt.

  2. Type: cd <WAS_HOME>\bin

    wsadmin -lang jython -username <sklmadminUserID> -password <sklmadminPassword>

    Example: wsadmin.bat -lang jython -username sklmadmin -password sklmpassword

  3. At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo()

  4. Check the output of the tklmVersionInfo command:

    IBM Security Key Lifecycle Manager Version = 3.0.1.3

    IBM Security Key Lifecycle Manager Build Level = 201910181126

    WebSphere Application Server Version = 9.0.0.5

    DB2 Version = 11.1.2020.1393

    Java Version = JRE 1.8.0_144 IBM J9 VM 2.9

    Operating System Version = Windows Server 2016:10.0:amd64

    Agent Version : 1.0

You can also view the detailed server information such as version number of IBM Security Key Lifecycle Manager, DB2, Java, and WebSphere Application Server through GUI.

  1. Log on to the graphical user interface.

  2. On the welcome page header bar, click the Help icon.

  3. Click About.

2.      A backup of your IBM Security Key Lifecycle Manager server must be performed after installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.


Installing fix pack when IBM Security Key Lifecycle Manager Multi-Master environment is set up


Prerequisite for fix pack installation:

If the original primary master server is currently acting as a standby master server, promote it to primary and then, install the fix pack. Otherwise the database updates are not applied to the cluster. To promote a master server to primary, follow the instructions given in this topic: https://www.ibm.com/support/knowledgecenter/en/SSWPVP_3.0.1/com.ibm.sklm.doc/admin/tsk/tsk_ic_admin_multimaster_promote_node_to_primary.html

Steps: