The default SSX installation directory is at
C:\SoftwareAG\common\security\ssx (Windows) or at
/opt/softwareag/common/security/ssx (UNIX). The environment variable
SSXDIR should point to the actual SSX installation directory.
The default OpenSSL installation directory is at
C:\SoftwareAG\common\security\openssl (Windows) or at
/opt/softwareag/common/security/openssl (UNIX). The environment variable
TLSDIR should point to the actual OpenSSL installation directory.
The following table briefly explains the directories and most important files that can be found
in the installation directories.
| Directory |
Contents |
| ssx/auth
|
Only available on UNIX systems. This directory belongs to the root user
and contains executables and scripts that require elevated privileges. To handle this directory and
its content properly, the IBM webMethods Installer
and the IBM webMethods Update Manager will need a
sudo password.
- sagssxauthd2. This executable must be owned by the root user and have its
s-bit set. It is a daemon which handles local authentication requests when
authType is
OS; it is started automatically in this case. For
more information, see Using the Pluggable Authentication Module (PAM) on UNIX.
- set_daemon_privs.sh. This Bourne shell script is called during the
installation to set up ownership and permissions of
sagssxauthd2. This script can
also be used again after the installation to set up the ownership and permissions. If it is not
started by the root user, it uses sudo to gain the necessary privileges for its
operation.
|
| ssx/bin
|
Windows: Executables and libraries required to set up and operate SSX.
UNIX: Executables and Bourne shell scripts required to set up SSX.
Important files are:
|
| openssl/bin
|
Windows: Executables and libraries required to set up and operate OpenSSL and
SSX. UNIX: Optional executables for OpenSSL.
Important files for Windows are:
- libcrypto-3-x64-sag.dll
- libssl-3-x64-sag.dll
These are the OpenSSL libraries used by SSX.
|
| ssx/etc
|
Important files are:
- alt_keyfile.txt. This is a sample key file.
CAUTION:
This key file is not suitable for production purposes. You need to create and use a key file like
this when creating technical user credential files. See Additional information about key files.
- ssx_user. This is the default internal user repository. If a password has
been provided during the installation, this file contains an
Administrator account which
might be used during further setup of the products. Otherwise, this file only contains a comment
section and a version identifier. Note:
If using the authentication type TEXT or INTERNAL, it is
strongly recommended that you create and configure a different internal user repository, remove the
initial Administrator account, or at least change the Administrator's password regularly. See Creating internal user repository files.
- ssxsrv.pamd. Only available on Linux. By default, it contains the lowest
possible basic configuration of a PAM service. See Conditions for using PAM.
- ssxconfig. This is an example configuration file to enable proper
verification of the server certificate when using authentication type
LDAP or
ADSI together with the LDAPS protocol or the StartTLS protocol extension. The file
also contains common configuration options when connecting to different LDAP servers. Instructions
on how to use it can be found in TLS/SSL configuration and common defaults for multiple LDAP servers.
|
| openssl/extras |
Scripting and configuration to set up OpenSSL and its FIPS 140-2 module to
work with SSX and other IBM® webMethods
products. |
| openssl/lib64 |
Linux: Libraries required to operate OpenSSL and SSX.
- libcrypto-sag.so.3, libssl-sag.so.3 and respective
symlinks.
Linux: FIPS 140-2 module for OpenSSL.
|
| openssl/lib
|
Windows: FIPS 140-2 module for OpenSSL.
|
| openssl/certs
|
UNIX: Can optionally be used to store trusted CA certificates. This directory
has to be managed with the openssl rehash command line tool. |
| openssl/cert.pem
|
IBM webMethods' default
set of trusted CA certificates. |