Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Setting up the environment to run gskkyman z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
gskkyman uses the DLLs that are installed with System SSL and must have access to these at run time. gskkyman must also have access to the message catalogs. The /bin directory includes a symbolic link to gskkyman, therefore, if your PATH environment variable contains this directory, gskkyman is located. If your PATH environment variable does not contain this directory, add /usr/lpp/gskssl/bin to your PATH using:
/usr/lib/nls/msg/En_US.IBM-1047 (and /usr/lib/nls/msg/Ja_JP.IBM-939 for JCPT41J installations) include symbolic links to the message catalogs for gskkyman. If they do not include these links, add /usr/lpp/gskssl/lib/nls/msg to your NLSPATH using this command:
This setting assumes that your environment has the LANG environment
variable set to En_US.IBM-1047 (or Ja_JP.IBM-939
for JCPT41J installations that expect Japanese messages and
prompts). If LANG is not set properly, set the NLSPATH environment
variable using this command:
or
for JCPT41J installations that expect Japanese messages and
prompts:
The DLLs for System SSL are installed into a partitioned data set (PDSE) in HLQ.SIEALNKE. These DLLs are not installed in SYS1.LPALIB by default. If System SSL is to execute in FIPS mode, the DLLs in the HLQ.SIEALNKE data set cannot be put into the LPA. If the System SSL DLLs are not in either the dynamic LPA or system
link list, you must set the STEPLIB environment variable to find the
DLLs. For example:
During installation, the sticky bit is set on for the gskkyman utility. If the sticky is turned off, attempts to invoke the gskkyman utility results in message GSK00009E indicating that a problem exists with the installation of the SSL utility, gskkyman. To check the sticky bit setting, issue:
The
first part of the output should be:
The t indicates that the sticky bit is on. To set the sticky bit on, from an authorized id, issue:
If access to the ICSF callable services are protected with CSFSERV
class profiles on your system, the user ID issuing the gskkyman utility
might need to be given READ authority to call ICSF callable services
CSFIQA, CSFPPRF, CSFPGKP, CSFPGSK, CSFPGAV, CSFPTRD, CSFPTRC, CSFPPKS,
and CSFPPKV. If these callable services are protected with a generic
CSF* profile in the CSFSERV class, access can be granted by entering:
|
Copyright IBM Corporation 1990, 2014
|