|
|
WebLogic Enterprise Encryption Package Installation on UNIX Systems
This chapter explains how to install the following optional BEA WebLogic Enterprise Encryption Package software products on the supported UNIX systems:
This topic includes the following sections:
Notes: The Encryption Package software described in this chapter is distinct and separate from the SSL software that you install on J-Engine server systems, as described in Part II of this document.
When installing the Encryption Package software (formerly called Security Service) on a Tuxedo-only system, only the encryption libraries are updated. None of the SSL files are installed, nor are the SSL plug-ins registered.When installing on any other system (CORBA C++, CORBA Java, etc.), the encryption libraries are updated, the information about SSL is prompted for, the SSL files are installed, and the plug-ins are registered.
Also note that the Encryption software cannot be installed on a RMI/EJB client-only system.
For information about installing WebLogic Enterprise Encryption Package software on a Microsoft Windows system, see WebLogic Enterprise Encryption Package Installation on Windows Systems.
The WebLogic Enterprise Encryption Package software is packaged on a CD that is separate from the WebLogic Enterprise product box. A WebLogic Enterprise Encryption Package CD is distributed only if you purchased this software. This software provides 56-bit or 128-bit Secure Sockets Layer (SSL) and Link Level Encryption (LLE) features for WebLogic Enterprise applications. Each level of encryption is packaged on a separate CD.
The installation screens are similar for both levels of security. In this chapter, the sample screens are from a WebLogic Enterprise 5.1 56-bit Encryption Package installation on a Sun Solaris 2.6 system.
Before You Install
This topic includes the following sections:
If you are installing a WebLogic Enterprise 5.1 Encryption Package product to support WebLogic Enterprise Connectivity (WLEC), you need to take the following steps:
Confirming That the WebLogic Enterprise 5.1 Software Has Been Installed
Before you can install the WebLogic Enterprise 5.1 Encryption Package software, you must first install at least one WebLogic Enterprise 5.1 server component, or one of the following WebLogic Enterprise 5.1 client component options:
The environment variables discussed in the section "Setting Up Your Environment on UNIX Systems" on page 4-12 must be set prior to installing the WebLogic Enterprise Encryption Package software. The TUXDIR and dynamic shared library path variables are critical to the success of this Encryption Package installation, because the SSL plug-in registration step depends on these variables.
LDAP Information Required During the Installation
During the installation of either the 56-bit or the 128-bit Encryption Package, the procedure will prompt you for the required LDAP server information shown in the following list.
If you do not know the appropriate LDAP values for the prompts, contact the person in your organization or company who is responsible for defining the LDAP server tree. At most companies, this person is the Security Administrator or Directory Services Administrator.
Note: After the installation, it is not possible to modify a file to adjust these values. The only way to change these values is to re-install the product. Therefore, it is important that you understand the appropriate values for the requested information before you start the installation.
Note: These LDAP prompts are not presented if the target system only has the Tuxedo server or client software installed (from WebLogic Enterprise 5.1). In this case, only the WebLogic Enterprise Encryption Package's Link-Level Encryption (LLE) components are installed on the target system. During the WebLogic Enterprise Encryption Package installation procedure, the Secure Sockets Layer (SSL) components are not installed on this type of target system.
Before Re-installation, Back Up LDAP Files
If you are re-installing either the WebLogic Enterprise 56-bit or 128-bit Encryption Package software on a system, the installation procedure will overwrite the LDAP filter file if you selected its default name and location. By default, the LDAP filter file is installed in $TUXDIR/udataobj/security/bea_ldap_filter.dat, where TUXDIR is the directory in which you installed the WebLogic Enterprise software. The filter file is used to define search filters that can further refine the scope of searches in the LDAP server tree.
On re-installation, the Encryption Package installation procedure will also overwrite the LDAP peer validation rule file, $TUXDIR/udataobj/security/peer_val.rul.
Before you re-install the Encryption Package software, temporarily rename these files if you do not want the installation procedure to overwrite them. After the installation procedure, rename the files back to their original names and locations.
Stopping WebLogic Enterprise or BEA Tuxedo Applications and Related Services
Before beginning the installation, ensure that no BEA Tuxedo or WLE client or server applications are running. For information about the tmshutdown command, see Starting and Shutting Down Applications in the Administration section of the WebLogic Enterprise online documentation.
Checking That Your Account Has Administrator Privileges
On most systems, you need superuser privileges to mount the software CD. The account that you log on to to perform the installation must have administrative privileges.
Platforms Supported
The platforms listed in Table 13-1 are supported.
Vendor |
Operating System |
Release/Version |
---|---|---|
Compaq |
Tru64 UNIX |
4.0f on Alpha systems |
HP |
HP-UX |
11.00 32-bit plus patches B.11.00.B0315 |
IBM |
AIX |
4.3.3 |
SCO |
Unixware |
7.1.1 (C++ only) |
Sun Microsystems |
Solaris |
Solaris 2.6 and Solaris 7 (SPARC) |
For the hardware and software requirements for these operating systems, see WebLogic Enterprise T-Engine Platform Data Sheets.
Installing WebLogic Enterprise Encryption Package on UNIX Systems
This section describes how to install the WebLogic Enterprise 56-bit or 128-bit Encryption Package software on the supported UNIX systems. The sample screens show the installation of the 56-bit Encryption Package software on a Solaris 2.6 system.
UNIX Installation Procedure
It takes approximately 10 minutes to install the software.
To install the WebLogic Enterprise Encryption Package software on a UNIX operating system, perform the following steps:
Note: If your system does not have a directly connected CD reader, you can mount the CD on a remote system, share (export) the CD file system, and then mount the remote file system. For detailed instructions for each platform, see WebLogic Enterprise T-Engine Platform Data Sheets. Alternatively, you can mount the CD on a remote system, copy the contents of the CD directory for your platform to the system in which you plan to install the WebLogic Enterprise software, and continue with the remainder of the installation procedure.
sh install.sh.
If all the files are in uppercase characters, begin the installation by entering:
sh INSTALL.SH
** You have chosen to install software for **
BEA WebLogic Enterprise Release 5.1
This directory contains the BEA WLE Installation Software for
Sun Solaris v2.6 on Sun SPARC.
Is this correct? [y,n,q]:
Enter y to proceed; or enter n to redisplay the platform menu; or enter q to quit the installation.
To terminate the installation at any time
press the interrupt key,
typically <del>, <break>, or <ctrl+c>.
The following components are available:
1 security BEA Encryption Package 56
Select the one you wish to install [?,??,q]:
Enter the number 1 to select the Encryption Package; or enter a single question mark (?) to display a brief help message; or enter two question marks (??) to redisplay the menu; or enter q to quit the installation.
The following packages are available:
1 sec56 BEA Encryption Package 56 For WLE
Select the package(s) you wish to install (or 'all' to install
all packages) (default: all) [?,??,q]:
Enter the number 1 or the word all to install the Encryption Package for WebLogic Enterprise; or enter a single question mark (?) to display a brief help message; or enter two question marks (??) to redisplay the menu; or enter q to quit the installation.
BEA Encryption Package 56 For WLE
(sparc) Release 5.1
Copyright (c) 1999 BEA Systems, Inc.
All Rights Reserved.
BEA and WebLogic are trademarks of BEA Systems, Inc.
SSLplus is a trademark of Certicom Corporation, 1999-2000.
BSAFE is a trademark of RSA Data Security, Inc., 1999-2000.
WebLogic Enterprise must be installed prior to installing the Encryption Package
Location of existing BEA software installation (default: /usr/local/wledir) [?,q]:
Press the Enter key if the default value shown matches the base directory location of the WebLogic Enterprise software; or enter the correct path to the WebLogic Enterprise base directory.
Using /usr/local/wledir as the base directory
Determining if sufficient space is available ...
5818 blocks are required
1032768 blocks are available to /usr/local/wledir
Note: In the following displays and steps, all the SSL-related messages and prompts starting with "Unloading...SECSSL.Z" through "Registering SSL plug-in...finished" (in step 20) are not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation. In this case, the Encryption Package installation procedure installs the LLE software, but not the SSL software.
Moving /usr/local/wledir/lib/libgp.so.65 to /usr/local/wledir/lib/libgp.so.65.0
Moving /usr/local/wledir/lib/libgp.a to /usr/local/wledir/lib/libgp.a.0
Unloading /usr/local/wledir/spsol26/security/sec56/SEC56.Z ...
lib/libgp.so.65
lib/libgp.a
2750 blocks
... finished
Unloading /usr/local/wledir/spsol26/security/sec56/SECSSL.Z ...
lib/liborbssl.so.65
lib/libjsec.so
lib/libsecssl.so.65
lib/libwlesec.so.65
lib/libwlesys.so.65
locale/C/IJSSLN.text
locale/C/IJSSLN_CAT
udataobj/security/bea_ldap_filter.dat
udataobj/security/certs/peer_val.rul
udataobj/security/certs/revoked.crl
udataobj/security/certs/trust_ca.cer
2970 blocks
... finished
Enter fully qualified hostname for URL of the LDAP server system. [?,q]:
Enter the LDAP server's fully qualified node name and domain, such as myhost.mydomain.com.
Note: This prompt is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Enter a port number for the URL of the LDAP server system. [?,q]:
For example, enter 389 if that is the correct port number. If you are not sure, check the value with the system administrator of the LDAP server.
Note: This prompt is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Using 'myhost.mydomain.com:389' as the URL of the LDAP server/port
Enter a base object for searches in the LDAP server. The base object is the point in the LDAP tree at which you want users to start searching (in this case, to start searching for certificates). There are no strict rules about the syntax for this value. Enter the base object string exactly as it was specified in the LDAP server tree.
Enter a base object for search in LDAP server. [?,q]: o=mydomain.com
For example, you could enter a value such as o=mydomain.com, or a value such as o=trixie@trixieweb.com.
Note: This prompt is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Using 'o=mydomain.com' as the base object
Note: This message is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Location and name of LDAP filter file. (default: /usr/local/wledir/udataobj/security/bea_ldap_filter.dat) [?,q]:
The file's default location is shown. Press the Enter key to accept this default; or enter a new value and click Enter.
Note: This prompt is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Using 'file:///usr/local/wledir/udataobj/security/bea_ldap_filter.dat' as the location and name of LDAP filter file
Note: This message is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Registering SSL plug-in...
... finished
Note: The Registering SSL... message is not displayed if the system only has Tuxedo server or client software from a WebLogic Enterprise 5.1 software installation.
Changing file permissions...
... finished
Installation of BEA Encryption Package 56 For WLE was successful
Please don't forget to fill out and send in your registration card
Removing (Uninstalling) the WebLogic Enterprise Encryption Package Software from Your System
To remove either the WebLogic Enterprise 56-bit or 128-bit Encryption Package software from your UNIX system, you must:
This also removes the WebLogic Enterprise Encryption Package software, if present.
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|