Abstract
Readme documentation for IBM Security Key Lifecycle Manager for Distributed Platforms, Version 4.0.0 Fix Pack 3 (4.0.0.3) including installation-related instructions, prerequisites and corequisites, and a list of fixes.
Fix pack publish date: 15th January 2021
Contents
List of fixes and features
Download instructions
Supported platforms
Prerequisites
Known limitations
Installation information
Variable definitions
Installing the IBM Security Key Lifecycle Manager fix pack
Installing fix pack when IBM Security Key Lifecycle Manager Multi-Master environment is set up
Uninstalling the IBM Security Key Lifecycle Manager along with fix pack
Copyright and trademark information
List of fixes and features
Features included in Version 4.0.0.3
None |
Features included in Version 4.0.0.2
None |
Features included in Version 4.0.0.1
|
APAR fixes included in Version 4.0.0.3
APAR No. |
Sev. |
Abstract |
3 |
CTGKM3506E CANNOT FIND THE FILE $(SKLM_DATA)/$(SKLM_DATA)/KMIP_SELF_SIGNED_CERT.PEM. |
|
1 |
UNABLE TO TURN OFF INCREMENTAL BACKUPS IN 4.0.0.2 |
|
3 |
THE 'DAILY REPLICATION TIME' SETTING CANNOT BE SAVED FROM GUI |
|
2 |
MODIFY OWNER OR PARTNER CERT DOES NOT WORK IN P2P DEVICE GROUP IN SKLM 4002 |
|
1 |
DO NOT PERFORM BACKUP/RESTORE IF TKLM.ENCRYPTION.KEYSIZE ISNT SET |
|
1 |
SKLMCONFIG.PROPERTIES GETS TRUNCATED WITH REPLICATION ENABLED |
APAR fixes included in Version 4.0.0.2
APAR No. |
Sev. |
Abstract |
2 |
UNABLE TO INSTALL DB2 UNIVERSAL FIX PACK ON SKLM 4.0 INSTALL |
|
2 |
IBM SECURITY KEY LIFECYCLE MANAGER V4.0 CLIENT CERTIFICATE NAME GETTING CHANGED ON CLONE POST INCREMENTAL REPLICATION |
|
1 |
SWAGGER DOES NOT HAVE ALL SKLM REST API COMMANDS |
|
2 |
CROSS MIGRATION FROM 3.0 FP TO 4.0 GIVES SQL PREPARED STATEMEMENT EXCEPTION AND UNIQUE KEY CONSTRAINT EXCEPTION |
|
2 |
PROBLEMS OCCUR WHEN PERFORMING EKM 2.1 TO SKLM 4.0 MIGRATION |
APAR fixes included in Version 4.0.0.1
APAR No. |
Sev. |
Abstract |
3 |
IBM SECURITY KEY LIFECYCLE MANAGER V4.0 PASSWORD POLICY VIOLATION FUNCTION DOES NOT WORK IN JAPANESE ENVIONMENT |
Download instructions
Platform |
File name |
Command |
Checksum |
4.0.0-ISS-SKLM-FP0003-AIX.tar.gz |
md5sum FileName.tar.gz For example (UNIX/Linux):
md5sum 4.0.0-ISS-SKLM-FP0003-zLinux.tar.gz |
54aa25a03ecbba2b616e7cc48441dd05 |
|
4.0.0-ISS-SKLM-FP0003-Linux.tar.gz |
e9430109047f1e6ed333e3dd0a74f1e0 |
||
4.0.0-ISS-SKLM-FP0003-zLinux.tar.gz |
a433c220fc1dd193d400338d2e189eef |
||
4.0.0-ISS-SKLM-FP0003-LinuxPPC.tar.gz |
60036a1238bd3a95b93789ca1e455a83 |
||
4.0.0-ISS-SKLM-FP0003-Windows.zip |
certutil -hashfile FileName.zip md5
For example (Windows):
certutil -hashfile 4.0.0-ISS-SKLM-FP0003-Windows.zip md5 |
3f1ad5ba2c82e849f9a28a20208b310d |
Supported platforms
See IBM Security Key Lifecycle Manager Support Matrix.
Fix pack files per platform
S.No. |
Instruction |
Windows Commands |
UNIX/Linux Commands |
1. |
Windows - Open a command prompt. Linux / AIX - Open a ksh or bash shell. |
Click the Start button, click Run, type cmd, and click the OK button. |
If your default shell is not ksh or bash, run "exec ksh" or "exec bash". |
2. |
Stop WebSphere Application Server. |
WAS_HOME\bin\stopServer.bat server1 -username WAS_ADMIN -password WAS_PASSWORD |
WAS_HOME/bin/stopServer.sh server1 -username WAS_ADMIN -password WAS_PASSWORD |
3. |
Make a temporary directory. |
mkdir WAS_BACKUP_DIRECTORY |
mkdir WAS_BACKUP_DIRECTORY |
4. |
Change directory to the temporary directory. |
cd C:\wasbackup |
cd /tmp/wasbackup |
5. |
Copy or archive the files from the directory where WebSphere Application Server is installed. |
xcopy /y /e /d WAS_HOME C:\wasbackup |
tar -cvf wasbackup.tar WAS_HOME/* |
6. |
Start WebSphere Application Server. |
WAS_HOME\bin\startServer.bat server1 |
WAS_HOME/bin/startServer.sh server1 |
Installing the fix pack
Installing a fix pack involves the following steps:
A. Complete the prerequisites.
B. Prepare to install the fix pack.
C. Install the fix pack:
D. Complete the post fix-pack installation tasks.
Prepare to install the fix pack
Windows: 4.0.0-ISS-SKLM-FP0003-Windows.zip [Right-click and extract all] UNIX/Linux: tar -xvf 4.0.0-ISS-SKLM-FP0003-Linux.tar.gz Note: Use the platform-specific file.
Installing the fix pack by using the graphical user interface
S. No. |
Instruction |
Steps |
1. |
Stop WebSphere Application Server, update Java SDK, and then start Installation Manager in GUI mode. |
Windows
For example: UNIX/Linux
chmod +x ./updateSKLM.sh ./updateSKLM.sh IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: |
2. |
Select the IBM Security Key Lifecycle Manager, Version 4.0 software package group. |
1. Select the base offering software package group (IBM Security Key Lifecycle Manager, Version 4.0). 2. Click Next. 3. In the Update Packages panel, select Version 4.0.0.3, and click Next. |
3. |
Provide credentials for |
|
4. |
Complete the final step. |
In the Update Packages > Summary panel, review the software packages that you want to install, and click Update. |
Installing a fix pack silently
S. No. |
Instruction |
Steps |
1. |
Launch the Installation Manager utility to encrypt the passwords for users as required. |
Windows Run the following command to generate an encrypted password: UNIX/LINUX Run the following command to generate an encrypted password: |
2. |
Back up the response file. |
Rename the original response file to create a backup of the file: |
3. |
Edit the response file. |
Windows Edit the response file SKLM_Silent_Update_platform_Resp.xml.
UNIX/Linux Edit the response file: SKLM_Silent_Update_platform_Resp.xml
|
4. |
Install the fix pack. |
Windows
For example: C:\sklminstall_windowsfp For example: /sklminstall_linuxfp
silent_updateSKLM.bat IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: silent_updateSKLM.bat "C:\Program Files\IBM\Installation Manager" "C:\Program Files \IBM\WebSphere\AppServer" wasadmin wasadminpwd UNIX/Linux
chmod +x ./silent_updateSKLM.sh ./silent_updateSKLM.sh IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: ./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd |
Post fix-pack installation
Use one of the following methods to verify the installation.
IBM Security Key Lifecycle Manager Version = 4.0.0.3
IBM Security Key Lifecycle Manager Build Level = 202101080146
WebSphere Application Server Version = 9.0.5.0
DB2 Version = 11.1.4.4
Java Version = JRE 1.8.0_211 IBM J9 VM 2.9
Operating System Version = Linux:3.10.0-957.21.3.el7.x86_64:amd64
Agent Version : 1.0
Installing IBM Security Key Lifecycle Manager with the fix pack when a Multi-Master environment is set up
Prerequisites
If the original primary master server is currently acting as a standby master server, promote it to primary and then, install the fix pack. Otherwise the database updates are not applied to the cluster.
Important: The following steps uninstall the entire product package, including IBM Security Key Lifecycle Manager, IBM Db2, and WebSphere Application Server, and all your data will be lost. Take a backup before uninstalling.
Uninstalling IBM Security Key Lifecycle Manager with the fix pack by using the graphical user interface
S. No. |
Instruction |
Steps |
1. |
Complete the prerequisites |
Stop the WebSphere Application Server. |
2. |
Uninstall IBM Security Key Lifecycle Manager. |
Windows
Unix/Linux
|
Uninstalling IBM Security Key Lifecycle Manager with the fix pack silently
S. No. |
Instruction |
Steps |
1. |
Edit the silent response file. |
1. Go to the directory that contains the installer files. 2. Back up the original response file SKLM_Uninstall_platform_Resp.xml by renaming it to SKLM_Uninstall_platform_Resp_original.xml. 3. Edit the silent response file SKLM_Uninstall_platform_Resp.xml. |
2. |
Uninstall IBM Security Key Lifecycle Manager. |
Windows
UNIX/Linux
|
Where:
PATH_TO_UNINSTALL_RESPONSE_FILE refers to the uninstallation response file provided or bundled with the fix pack installer.
platform refers to the operating system where the fix pack is being installed / uninstalled. For example: SKLM_Uninstall_platform_Resp.xml on Linux will be SKLM_Uninstall_Linux_Resp.xml
Notices
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION
The license agreement for this product refers you to this file for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. The relevant terms and conditions, notices and other information are provided or referenced below. Please note that any non-English version of the licenses below is unofficial and is provided to you for your convenience only. The English version of the licenses below, provided as part of the English version of this file, is the official version.
Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions:
the Excluded Components are provided on an "AS IS" basis
IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
IBM will not be liable to you or indemnify you for any claims related to the Excluded Components
IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components.
End of Document