Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Security Adapter Authentication > Process of Installing and Configuring LDAP Client Software >

Configuring the IBM GSKit

This topic provides information about configuration steps you must take to enable the Certificate Management Services (CMS) capability before you use the IBM GSKit.

This task is a step in Process of Installing and Configuring LDAP Client Software.

To set up IBM GSKit to support CMS key databases

  1. Install the IBM JDK 1.4.1 or 1.4.2, or an equivalent JDK.
  2. Set JAVA_HOME to point to the directory where the JDK is installed. For example:
    • (Windows) JAVA_HOME=C:\Program Files\IBM\Java14
    • (UNIX) export JAVA_HOME=/usr/opt/IBMJava14
  3. Remove the ibmjsse.jar, gskikm.jar (if it exists) and ibmjcaprovider.jar files from your ${JAVA_HOME}/jre/lib/ext directory.
  4. Be sure that ${JAVA_HOME}/jre/lib/ has the following jar files:
    • ext/ibmjceprovider.jar
    • ext/ibmpkcs.jar
    • ibmjcefw.jar
    • security/local_policy.jar
    • security/US_export_policy.jar
    • ibmpkcs11.jar

      IBM GSKit includes the above jar files, and ibmjsse.jar, in the GSKit installation path. The files are located at GSK_installation_directory\classes\jre\lib\ext. Copy the GSKit jar files to ${JAVA_HOME}/jre/lib/ext.

      JDK 1.4 requires the user to have jurisdiction policy files. Due to the import restrictions for some countries, the jurisdiction policy files distributed with the J2SDK version 1.4.1 software have built-in restrictions on the available cryptographic strength. The Oracle Solaris JDK and many other installations require jurisdiction policy files that contain no restrictions on cryptographic strength.

      For more information about jurisdiction policy files, go to

      http://www.oracle.com/technetwork/java/javase

  5. Register IBM JCE and IBM CMS service providers.

    Update the ${JAVA_HOME}/jre/lib/security/java.security file to add the IBM JCE provider and IBM CMS provider after the Sun provider. For example:

    security.provider.1=sun.security.provider.Sun

    security.provider.2=com.ibm.spi.IBMCMSProvider

    security.provider.3=com.ibm.crypto.provider.IBMJCE

    A sample java.security file for GSKit users is located in GSK_installation_directory\classes\gsk_java.security.

    
Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.