Siebel Analytics Platform Installation and Configuration Guide > User Authentication Support in Siebel Analytics >

Configuring IKeyMan for CMS Key Generation


Analytics License: All licenses.

Operating Systems: All.

This topic is part of User Authentication Support in Siebel Analytics, and a task of the Process of Configuring LDAP and ADSI for Analytics Authentication.

IBM's IKeyMan, a Java-based tool, is used to create key database files for LDAP authentication over SSL (Secure Sockets Layer). A key database file stores digital certificates based on the X.509 standard.

IKeyMan can generate several kinds of key database files, but an LDAP client can use only key database files of the CMS type. The extension of this file type is .kdb.

NOTE:  An IBM or an IBM-equivalent JDK must already be installed. The correct version of Java is required for IKeyMan to work properly. For installation of IBM GSK iKeyMan, see Security Guide for Siebel Business Applications. For supported versions of the Java runtime engine, see Siebel System Requirements and Supported Platforms.

To configure IKeyMan to allow creation of CMS key database files

  1. Set JAVA_HOME to point to the directory where JDK was installed.

    For example:

    • On Windows, set JAVA_HOME=C:\Progam Files\IBM\Java142.
    • On UNIX, export JAVA_HOME=/usr/opt/IBMJava1_4_2.
  2. Remove the gskikm.jar and ibmjcaprovider.jar files from your ${JAVA_HOME}/jre/lib/ext directory.
  3. Make sure that ${JAVA_HOME}/jre/lib/ext has the following jar files:
    • ibmjceprovider.jar
    • ibmpkcs.jar
    • ibmjcefw.jar
    • local_policy.jar
    • US_export_policy.jar
    • ibmjlog.jar
    • ibmjsse.jar

      Copy these jar files from the GSKit installation path /classes/jre/lib/ext.

  4. Register the IBM JCE and IBM CMS service providers.

    Update the file ${JAVA_HOME}/jre/lib/security/java.security to add the IBMJCE provider and IBMCMS provider after the Sun provider. For example:

    • security.provider.1=sun.security.provider.Sun
    • security.provider.2=com.ibm.spi.IBMCMSProvider
    • security.provider.3=com.ibm.crypto.provider.IBMJCE

      A sample java.security file is in GSKit Installation path \classes\gsk_java.security.

Siebel Analytics Platform Installation and Configuration Guide