Appendix Q. Setting up GSKit to support CMS key databases
To set up GSKit to support Certificate Management Services (CMS)
key databases using the iKeyman GUI, complete the following procedure
before starting the GUI:
1. Ensure that you have installed GSKit version 8.
2. Set JAVA_HOME to point to the java subdirectory of the Tivoli® Directory Server installation directory.
3. Ensure that the local_policy.jar and US_export_policy.jar files are present in $JAVA_HOME/jre/lib/security.
4. Depending on your setup, do one of the following:
Configure Java Runtime Environment 1.6 (platforms other than Solaris and HP-UX (Itanium))
In the $JAVA_HOME/jre/lib/security/java.security file, check
if the following entry to register the CMS provider is present. If
the entry does not exist, add this entry in the java.security file
by entering the following:
Configure Java Runtime Environment 1.6 with FIPS support (platforms other than Solaris and HP-UX (Itanium))
In the $JAVA_HOME/jre/lib/security/java.security file, check
if the following entries to register the CMS provider and IBM® JCE FIPS security provider are
present. If the entries do not exist, add these entries in the java.security
file by entering the following:
Configure Java Runtime Environment 1.6 with PKCS#11 crypto hardware support (platforms other than Solaris and HP-UX (Itanium))
Obtain the PKCS#11 native support libraries from your crypto card vendor.
In the $JAVA_HOME/jre/lib/security/java.security file, check if
the following entry to register the CMS provider is present. If the
entry does not exist, add this entry in the java.security file by
entering the following:
Configure Java Runtime Environment 1.6 with FIPS support and PKCS#11 crypto hardware support (platforms other than Solaris and HP-UX (Itanium))
Obtain the PKCS#11 native support libraries from your crypto card vendor.
In the $JAVA_HOME/jre/lib/security/java.security file, check if
the following entries to register the CMS provider and IBM JCE FIPS security provider are
present. If the entries do not exist, add these entries in the java.security
file by entering the following:
Configure Java Runtime Environment 1.6 (Solaris and HP-UX (Itanium) platforms)
In the $JAVA_HOME/jre/lib/security/java.security file, check
if the following entry to register the CMS provider is present. If
the entry does not exist, add this entry in the java.security file
by entering the following:
Read the file located at $JAVA_HOME/docs/READMEFIRST.
Configure Java Runtime Environment 1.6 with FIPS support (IBM JRE for Solaris and HP-UX (Itanium) platforms)
In the $JAVA_HOME/jre/lib/security/java.security file, check
if the following entries to register the CMS provider and IBM JCE FIPS security provider are
present. If the entries do not exist, add these entries in the java.security
file by entering the following:
Read the file located at $JAVA_HOME/docs/READMEFIRST.
Configure Java Runtime Environment 1.6 with PKCS#11 crypto hardware support (IBM JRE for Solaris and HP-UX (Itanium) platforms)
Obtain the PKCS#11 native support libraries from your crypto card vendor.
In the $JAVA_HOME/jre/lib/security/java.security file, check if
the following entry to register the CMS provider is present. If the
entry does not exist, add this entry in the java.security file by
entering the following:
Read the file located at $JAVA_HOME/docs/READMEFIRST.
Configure Java Runtime Environment 1.6 with FIPS support and PKCS#11 crypto hardware support (IBM JRE for Solaris and HP-UX (Itanium) platforms)
Obtain the PKCS#11 native support libraries from your crypto card vendor.
In the $JAVA_HOME/jre/lib/security/java.security file, check if
the following entries to register the CMS provider and IBM JCE FIPS security provider are
present. If the entries do not exist, add these entries in the java.security
file by entering the following:
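
Added example, not part of the IBM documentation: read-only shell checks for the policy files and for whether a provider is registered in java.security at an index the JRE will load (it reads security.provider.1, .2, ... in order and stops at the first missing number). The function names are hypothetical, and the provider class name is passed as an argument because the entries themselves are not reproduced on this page.

```shell
# Added example: read-only pre-flight checks for the procedure above.
# Provider class names are arguments because this page does not list them.

# Succeed only if both policy files named in the procedure exist under $1.
policy_jars_present() {
    [ -f "$1/jre/lib/security/local_policy.jar" ] &&
    [ -f "$1/jre/lib/security/US_export_policy.jar" ]
}

# Print "index class" for each uncommented security.provider.N line in file $1.
list_providers() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1 \2/p' "$1" | sort -n
}

# Print the highest index reachable from 1 without a numbering gap (0 if none).
last_contiguous_index() {
    list_providers "$1" |
        awk 'BEGIN { n = 0 } $1 == n + 1 { n = $1 } END { print n }'
}

# Print "active N", "unreachable N" or "missing" for class $2 in file $1.
# "unreachable" means the entry exists but sits behind a gap in the numbering.
provider_status() {
    max=$(last_contiguous_index "$1")
    list_providers "$1" | awk -v cls="$2" -v max="$max" '
        $2 == cls && !seen { seen = 1; idx = $1 }
        END {
            if (!seen) print "missing"
            else if (idx + 0 <= max + 0) print "active " idx
            else print "unreachable " idx
        }'
}
```

Call `policy_jars_present "$JAVA_HOME"` and `provider_status "$JAVA_HOME/jre/lib/security/java.security" <provider class>` with the class name taken from the product documentation for your configuration.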