IBM Support

IBM Security Guardium Key Lifecycle Manager Version 4.1.1 - Fix Pack 7 README

Fix Readme


Abstract

Readme file for IBM Security Guardium Key Lifecycle Manager for Distributed and Containerized Platforms, Version 4.1.1 Fix Pack 7 (4.1.1.7) including installation-related instructions, prerequisites and corequisites, and a list of fixes.
Websphere Liberty version shipped with this fixpack is 22.0.0.9.

Content

Features included in Guardium Key Lifecycle Manager Traditional Version 4.1.1.7

  • Security fixes: Following CVEs have been fixed - CVE-2009-2667, CVE-2023-25685, CVE-2023-25921 , CVE-2023-25922, CVE-2023-25925 and CVE-2023-25926
  • Internal defect fixes:
    • GKLM service not reopening connection to syslog after TCP session reset
    • Improvisation in connection pool getting exhausted in case of replication and multimaster
    • Fixes around replicationConfigProperties REST service
    • Fixed export of of DS8K device group having expired certificate
    • Improvement and bug fixes in mulitmaster in ROS mode
  • Upgraded middleware versions:
    • WebSphere Application Server Liberty 22.0.0.9

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1 Fix Packs.

APAR fixes included in Version 4.1.1.7

APAR No.

Sev.

Abstract

IJ41113

3

Unable to import CA signed certification when CSR is having whitespace in name.

IJ42170

2

Must use domain user as GKLM admin user while installing GKLM as domain user.

IJ42218

3

Device serial number is coming as garbled character in case of IPP in GKLM debug log.

IJ43168

3

Unable to add LDAP user having comma in their CN.

IJ43519

3

Unable to create CSR in GKLM 4.1.1 due to comman in organization name.

IJ44382

2

Higher number of keys cause Db2 query slowdown.

IJ44475

3

NAME attribute is not set when KMIP create request is send without key name.

 
 

APAR fixes included in Version 4.1.1.6

None

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.6 readme.

 

APAR fixes included in Version 4.1.1.5

APAR No.

Sev.

Abstract

IJ39331

3

AFTER APPLYING FIX PACK 3, INSTALLATION MANAGER STILL HAS LOG4J FILES AT VULNERABLE LEVEL

IJ39961

2

 OLD KEYS HAVE MIXED CASES FOR ALIAS AND NAME CAUSING SEARCHES BY
 NAMETYPE TO FAIL RESULTING IN KEYS NOT BEING SERVED

IJ40026

2

AFTER UPGRADING FROM 4104 TO 4114 A9000 SYSTEMS NO LONGER RECEIVE KEYS

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.5 readme.

 
 

APAR fixes included in Version 4.1.1.4

APAR No.

Sev.

Abstract

IJ37808

3

Failure attempting to list more than 2000 keys in an LTO group.

IJ38045

3

Enable partial label search for certificate alias for 3592 device group.

IJ38043

2

Changes in GKLM 4.1.1.2 cause KMIP exchanges to fail that previously worked.

IJ38510

2

GKLM 4.1.1 restore fails when using enableHighScaleBackup parameter in SKLMConfig.properties file.

IJ39124

3

GKLM GUI loading issue on Internet Explorer after applying the GKLM 4.1.1.3 fix pack.

IJ38792

3

Restore of a backup fails with the error CTGKM0904W stating that a backup task is already in progress due to a Db2 field that has locked the backup.

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.4 readme.

 
 

APAR fixes included in Version 4.1.1.3

None

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.3 readme.

 
 

APAR fixes included in Version 4.1.1.2

None

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.2 readme.

 

APAR fixes included in Version 4.1.1.1

None

For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.1.1 readme.

Back to top

Download instructions

  1. Go to IBM Fix Central home page: http://www.ibm.com/support/fixcentral/
  2. In the Product selector field, type IBM Security Key Lifecycle Manager, and select the product name when it appears.
  3. From the Installed Version list, select 4.1.1.
  4. From the Platform list, select the appropriate platform, and click Continue.
  5. On the Identify Fixes page, ensure that the Browse for Fixes is selected, and click Continue.
  6. On the Select Fixes page, select fix pack 4.1.1-ISS-GKLM-FP0007, and click Continue.
    You might be prompted to Sign In.  If you do not have an ID, click the Register now link and follow the registration steps.
  7. On the Download options page, select a download method (default is Download using Download Director).
  8. Select the associated files and README for fix pack: 4.1.1-ISS-GKLM-FP0007 and click Download now.

Back to top

Supported platforms

See IBM Security Guardium Key Lifecycle Manager Support Matrix.

Fix pack files per platform for IBM Security Guardium Key Lifecycle Manager Traditional

Product/Component name

Platform

File name

Command

Checksum

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

AIX

4.1.1-ISS-GKLM-FP0007-AIX.tar.gz

 md5sum FileName.tar.gz

For example (UNIX/Linux): md5sum 4.1.1-ISS-GKLM-FP0007-AIX.tar.gz

Sample output
bd2b7d69cce43ec283fc46de99ec4ea0 4.1.1-ISS-GKLM-FP0007-AIX.tar.gz

bd2b7d69cce43ec283fc46de99ec4ea0

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

Linux

4.1.1-ISS-GKLM-FP0007-Linux.tar.gz

d637ca76b9a528c7a89d59a47ea35bf8

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

zLinux (IBM Z)

4.1.1-ISS-GKLM-FP0007-zLinux.tar.gz

dda5217bae6fcf16c2de46a84f2c82c2

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

Linux PPC

4.1.1-ISS-GKLM-FP0007-LinuxPPC.tar.gz

9efc199f859e73e18e848b15f4e83620

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

Windows

4.1.1-ISS-GKLM-FP0007-Windows.zip

 certutil -hashfile FileName.zip md5

For example (Windows): certutil -hashfile 4.1.1-ISS-GKLM-FP0007-Windows.zip md5

Sample output
MD5 hash of file 4.1.1-ISS-GKLM-FP0007-Windows.zip: 298efaebca5f11aef21ab058adf8cf62
CertUtil: -hashfile command completed successfully.

298efaebca5f11aef21ab058adf8cf62
 

Fix pack files for IBM Security Guardium Key Lifecycle Manager container

Product/Component name

Platform

File name

Command

Checksum

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

Linux PPC

sklm4117-ppc64le.tar

 md5sum FileName.tar.gz

For example (UNIX/Linux): md5sum sklm411-ppc64le.tar

Sample output
495dbe329b0e2af086dcd3eefb0f93b1 sklm4117-ppc64le.tar

495dbe329b0e2af086dcd3eefb0f93b1

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

zLinux (IBM Z)

sklm4117-s390x.tar

f523a693a87b2d69c7d4eca6b528e119

IBM Security Guardium Key Lifecycle Manager version 4.1.1 Fix Pack - 4.1.1-ISS-GKLM-FP0007

x86_64

sklm4117-x86_64.tar

e491c8f3c4423ab9f880437adc1bf38d

Back to top

Prerequisites for IBM Security Guardium Key Lifecycle Manager Traditional

  • Ensure that IBM Security Guardium Key Lifecycle Manager, Version 4.1.1 GA (4.1.1), fix pack 1 (4.1.1.1), fix pack 2 (4.1.1.2), fix pack 3 (4.1.1.3), fix pack 4 (4.1.1.4), fix pack 5 (4.1.1.5) or fix pack 6 (4.1.1.6) is already installed.
  • Ensure that IBM Security Guardium Key Lifecycle Manager is not in use.
  • Back up the IBM Security Guardium Key Lifecycle Manager server. For instructions, see Configuring backup and restore.
  • Ensure that /tmp directory does not contain klmPrev.properties. If it is present, rename or remove this file before you start applying the fix pack. Also, ensure that the /tmp directory has all the permissions and does not have noexec set.
  • On Linux for System z server, ensure that gtk 2 libraries are installed. Also, add the following parameter in the IM_INSTALL_DIR/eclipse/IBMIM.ini file. Add the following properties just before "--launcher.appendVmargs" in IBMIM.ini file.
    --launcher.GTK_version
    2
  • On AIX, complete the following steps before you install the fix pack:
    1. Log in as a Db2 user and launch a terminal window.
    2. Run the following commands:
      su - <db2 user>
      db2 connect to <db name> user <root> using <root password>
      db2 grant secadm on database to user <db2 user>
  • On Windows, if you are installing the fix pack as a non-system admin user (for example, domain user), complete the following steps before you install the fix pack:
    1. Log in as a Db2 user and launch the Db2 command prompt.
    2. Run the following commands:
      db2 connect to <db name> user <administrator> using <administrator password>
      db2 grant secadm on database to user <db2 user>
  • Ensure that umask is set to 0022.
  • Back up the WebSphere Liberty files. For instructions, see the following table:

S.No.

Instruction

Windows Commands

UNIX/Linux Commands
1. 

Windows - Open command line.

Linux / AIX - Open a ksh or bash shell.

Click Start > Run, type cmd, and click OK.

If your default shell is not ksh or bash, run "exec ksh" or "exec bash".
2. 

Stop WebSphere Liberty.

WAS_HOME\bin\server.bat stop

WAS_HOME/bin/server.sh stop
3. 

Make a temporary directory.

mkdir WAS_BACKUP_DIRECTORY
For example: mkdir C:\wasbackup

mkdir WAS_BACKUP_DIRECTORY
For example: mkdir /tmp/wasbackup
4. 

Change directory to the temporary directory.

cd C:\wasbackup

cd /tmp/wasbackup
5. 

Copy or archive the files from the directory where WebSphere Liberty is installed.

xcopy /y /e /d WAS_HOME C:\wasbackup

tar -cvf wasbackup.tar WAS_HOME/*
6. 

Start WebSphere Liberty.

WAS_HOME\bin\server.bat start

WAS_HOME/bin/server.sh start

 

Back to top

Known limitations

  • Rollback of installed fix pack is not supported.
  • Use this certificate for UI access checkbox gets unchecked post saving it. There is no functional impact. Certificate is added to Websphere Liberty truststore.
  • Only applicable for Linux for System z platform: After you apply the fix pack, the graphical user interface of Guardium Key Lifecycle Manager does not start.
    Workaround:     The graphical user interface will be accessible.
    1. Stop WebSphere Liberty.
    2. Stop Db2.
    3. Start Db2.
    4. Start WebSphere Liberty.
  • Unable to apply FP if 411GA, 411FP1, 411FP2 or 411FP3 is enabled with TLSv1.3.
    Workaround: Enable TLSv1.2 and then apply FP.

Known issues

  • (Applicable for Windows) In an LDAP or OIDC configured setup, GKLM 4.1.1.7 UI becomes inaccessible after you disable file-based authentication and restart the server. The following error is displayed after the server restart:
    An error occurred while processing request.
    Workaround:
    1. Locate the server.xml file and open it for editing. You can find server.xml at the following location:
      WAS_HOME\usr\servers\defaultServer\
      For example,
      C:\Program Files\IBM\WebSphere\Liberty\usr\servers\defaultServer\
    2. Add the following element in the server.xml file after </featureManager>:
      <authentication id="Basic" cacheEnabled="false" />
    3. Restart the server. For instructions, see Restarting the IBM Security Key Lifecycle Manager server.
  • (Applicable for Ubuntu) The installation of GKLM 4.1.1.7 might fail with a invalid Db2 password error in both GUI and silent fix pack installation modes.
    Workaround:
    1. Log in as the root user and open a terminal window.
    2. Run the following command:
      ln -s {db2_inst_home}/gklm411properties/ $HOME/gklm411properties
      For example,
      ln -s /home/klmdb411/gklm411properties/ $HOME/gklm411properties
    3. Install GKLM 4.1.1.7. For instructions, see Installing the fix pack on IBM Security Guardium Key Lifecycle Manager traditional.

Installing the fix pack on IBM Security Guardium Key Lifecycle Manager traditional

Installing a fix pack involves the following steps:

1. Complete the prerequisites.

2. Prepare to install the fix pack.

3. Install the fix pack.

4. Complete the post fix-pack installation tasks.

Prepare to install the fix pack

  1. Open the command line.
  2. Create a temporary directory to extract the fix pack installer files.
    Windows
    mkdir C:\sklminstall_windowsfp
    UNIX/Linux
    mkdir /sklminstall_linuxfp
  3. Change directory to this temporary directory.
    Windows
    cd C:\sklminstall_windowsfp
    UNIX/Linux
    cd /sklminstall_linuxfp
  4. Download the fix pack installer files into the directory. See Download Instructions.
  5. Extract the downloaded files.
    For example:

    Windows: 4.1.1-ISS-GKLM-FP0007-Windows.zip [Right-click and extract all]

    UNIX/Linux: tar -xvf 4.1.1-ISS-GKLM-FP0007-Linux.tar.gz

    Note: Use the platform-specific file.

Installing the fix pack by using the graphical user interface

S. No.

Instruction

Steps
1. 

Start Installation Manager in GUI mode.

Windows

  1. Open a command line, and change the directory to the directory where you extracted the installer files.
    For example:
    C:\sklminstall_windowsfp
  2. Run the following command:
    updateSKLM.bat IM_INSTALL_LOCATION WAS_INSTALL_LOCATION

For example:
updateSKLM.bat "C:\Program Files\IBM\Installation Manager" "C:\Program Files\IBM\WebSphere\Liberty"

UNIX/Linux

  1. Open a command line, and change the directory to the directory where you extracted the installer files.
    For example:
    /sklminstall_linuxfp
  2. Run the following commands:

chmod +x ./updateSKLM.sh

./updateSKLM.sh IM_INSTALL_LOCATION WAS_INSTALL_LOCATION

For example:
updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/Liberty
2.

Select Websphere Liberty package group and IBM Security Guardium Key Lifecycle Manager, Version 4.1.1 software package group.

1. Select the Update all packages (mandatory) with recommended updates and recommended fixes checkbox to select the IBM Security Guardium Key Lifecycle Manager, Version 4.1.1 software package group and Websphere Liberty package group.

2. Click Next.
3.

Accept license agreement.

1. Read license agreement carefully. If you are ok, accept license agreement.

2. Click Next.
4.

Configuration for IBM Websphere Liberty

1. Enter the update option for Websphere Liberty.  Do not select checkbox to connect to online IBM Websphere Liberty Repository.

2. Click Next.
5.

Provide credentials for SKLM admin user
(default: SKLMAdmin) and Db2 user
(default: klmdb411).
  1. In the Update Packages Configuration for IBM Security Guardium Key Lifecycle Manager v4.1.1.7 pane:
    • Enter Username and Password for IBM Security Guardium Key Lifecycle Manager Application Administrator.
    • Enter Username and Password for IBM Db2 user.
  2. Click Validate Credentials.
    Validation might take few minutes. Wait until the Next button is enabled.
  3. Click Next.
6.

Complete the final step.

In the Update Packages > Summary pane, review the software packages that you want to install, and click Update.
After Installation Manager successfully updates the fix pack for the services that you select, a message is displayed.
 

Installing the fix pack silently

S. No.

Instruction

Steps
1. 

Start the Installation Manager utility to encrypt the passwords for users as required.
  1. Open a command line.
  2. Change the directory to the IM_INSTALL_LOCATION/eclipse/tools directory.

Windows

Run the following command to generate an encrypted password:
imcl.exe encryptString password_to_encrypt

UNIX/LINUX

Run the following command to generate an encrypted password:
./imcl encryptString password_to_encrypt
2.

Back up the response file.

Rename the original response file to create a backup of the file: 
SKLM_Silent_Update_platform_Resp.xml
For example: SKLM_Silent_Update_platform_Resp_original.xml

The response file is located in the /sklm directory, which is within the directory where the fix pack is extracted.
3.

Edit the response file.

Windows

Edit the response file SKLM_Silent_Update_platform_Resp.xml.

  1. Edit the repository location to point to the current location of the installer.
    Sample:
    <repository location='C:\sklminstall_windowsfp\wasfp\repository.config'/>
    <repository location='C:\sklminstall_windowsfp\sklmwasfp\repository.config'/>
  2. Edit GKLMAdmin username and password (Password need to be encrypted).
    Sample:
    <data key='user.SKLM_ADMIN_USER,com.ibm.gklm411.win> value='SKLMAdmin'/>
    <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.gklm411.win>
    value='9YTRJMRIydDSdfhaHPs1ag=='/>

  3. Edit Db2 username and password (Password need to be encrypted).
    Sample:
    <data key='user.DB_ADMIN_USER,com.ibm.gklm411.win' value='klmdb411'/>
    <data key='user.DB_ADMIN_PASSWORD,com.ibm.gklm411.win' value='QTh/0AiFvrljhs9gnOYkGA=='/>

UNIX/Linux

Edit the response file: SKLM_Silent_Update_platform_Resp.xml

  1. Edit the repository location to point to the current location of the installer.
    Sample for Linux:
    <repository location='/sklminstall_linuxfp/wasfp/repository.config'/>
    <repository location='/sklminstall_linuxfp/sklm/repository.config'/>
     
  2. Edit GKLMAdmin username and password (Password needs to be encrypted).
    Sample:
    <data key='user.SKLM_ADMIN_USER,com.ibm.gklm411.linux> value='SKLMAdmin'/>
    <data key='user.SKLM_ADMIN_PASSWORD,com.ibm.gklm411.linux>
    value='9YTRJMRIydDSdfhaHPs1ag=='/>

  3. Edit the username and password of the Db2 user (Password need to be encrypted).
    Sample:
    <data key='user.DB_ADMIN_USER,com.ibm.gklm411.lin'
    value='klmdb411'/>                                         <data key='user.DB_ADMIN_PASSWORD,com.ibm.gklm411.lin' value='QTh/0AiFvrljhs9gnOYkGA=='/>
4.

Install the fix pack.

Windows

  1. Open a command line, and change directory to the directory where the installer files are extracted.

    For example: C:\sklminstall_windowsfp

    For example: /sklminstall_linuxfp

  2. Run the following command:

silent_updateSKLM.bat IM_INSTALL_LOCATION WAS_INSTALL_LOCATION

For example:

silent_updateSKLM.bat "C:\Program Files\IBM\Installation Manager" "C:\Program Files\IBM\WebSphere\Liberty"

UNIX/Linux

  1. Open a command line, and change the directory to the repository directory.
    For example:     /sklminstall_linuxfp
     
  2. Run the following commands:

chmod +x ./silent_updateSKLM.sh

./silent_updateSKLM.sh IM_INSTALL_LOCATION WAS_INSTALL_LOCATION

For example:

./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/Liberty
 

Back to top

Installing the fix pack when a Multi-Master environment is set up

Prerequisites 

If the original primary master server is acting as a standby master server, promote it to primary and then, install the fix pack. Otherwise, the database updates are not applied to the cluster.
To promote a master server to primary, see Promote to primary. 

To install the fix pack
  1. Stop WebSphere Liberty on all the master servers, in any sequence.
    • Open a command line.
    • Go to the WAS_HOME\bin directory.
      Windows
      C:\Program Files\IBM\WebSphere\Liberty\bin
      Linux
      /opt/IBM/WebSphere/Liberty/bin
       
    • Stop the IBM Security Guardium Key Lifecycle Manager server.
      Windows
      server.bat stop
      Linux
      ./server.sh stop
  2. Stop Agent on all the master servers, in any sequence.
    • Open a command line.
    • Go to the GKLM_INSTALL_HOME\agent directory.
      Windows
      C:\Program Files\IBM\GKLMV411\agent
      Linux
      /opt/IBM/GKLMV411/agent
    • Stop the Agent.
      Windows
      stopAgent.bat WAS_HOME
      For example: stopAgent.bat "C:\Program Files\IBM\WebSphere\Liberty"
      Linux
      ./stopAgent.sh WAS_HOME
      For example: ./stopAgent.sh /opt/IBM/WebSphere/Liberty
       
  3. Apply fix pack on each master server and verify the installation.
    Complete this step in the following sequence:
    • Primary master server
    • Principal standby master server
    • Auxiliary standby master servers
    • Non-HADR master servers

      For steps to install the fix pack, see Installing the fix pack.
      To verify the installation:
      • Log in to IBM Security Guardium Key Lifecycle Manager and check the version number.
      • Ensure that the master server is running and available for use.

Back to top

Post fix-pack installation
  1. Run the following scripts.
    • On Windows:
      1. Log in as the administrator user and open the Db2 command prompt.
      2. Run the following commands: 
        cd C:\Program Files\IBM\DB2GKLMV411\BIN
db2 connect to klmdb411 user <Db2_USER> using <Db2_PASSWORD>
db2 “update KMT_KEY_GROUPS set REF_IDENTIFIER = ‘15’ where NAME = ‘DS8000_TCT’ ”
db2 -td# -vf  C:\gklm411properties\scripts\gklmsql-fp.db2
    • On Linux:
      1. Log in as the Db2 user and open a terminal.
      2. Run the following commands: 
        su - klmdb411
db2 connect to klmdb411 user <Db2_user> using <Db2_password>
db2 “update KMT_KEY_GROUPS set REF_IDENTIFIER = ‘15’ where NAME = ‘DS8000_TCT’ ”
/opt/IBM/DB2GKLMV411/bin/db2 -td# -vf /home/klmdb411/gklm411properties/scripts/gklmsql-fp.db2
  2. Use one of the following methods to verify the installation.
    • Using graphical user interface:
      a. Log in to the graphical user interface.
      b. On the Welcome page header bar, click the Help (?) icon.
      c. Click About.
      The page displays the version details.
    • Using REST interface:
      Run the Version Info REST Service For more information, see Swagger UI
      For IBM Security Guardium Key Lifecycle Manager Traditional:
      IBM Security Guardium Key Lifecycle Manager Version: 4.1.1.7
IBM Security Guardium Key Lifecycle Manager Build Level: 202302211049
Liberty WAS Version: 22.0.0.9
Database Version: DB2/LINUXZ64 SQL110560
Java Version: JRE 1.8.0_321 IBM J9 VM 2.9
Operating System Version: AIX:7.2:ppc64
Agent Version: 2.0
      For IBM Security Guardium Key Lifecycle Manager Container:
      IBM Security Guardium Key Lifecycle Manager Version: 4.1.1.7
IBM Security Guardium Key Lifecycle Manager Build Level: 202302171904
Liberty WAS Version: 22.0.0.9
Database Version: PostgreSQL 15.2 (Debian 15.2-1.pgdg110+1)
Java Version: JRE 1.8.0_351 IBM J9 VM 2.9
Operating System Version: Linux:3.10.0-1160.83.1.el7.s390x:s390x
Image Tag: 4.1.1.7
  3. Back up the IBM Security Guardium Key Lifecycle Manager server. For more information, see Configuring backup and restore.

Back to top

Uninstalling the fix pack

Important: The following steps uninstall the entire product package, including IBM Security Guardium Key Lifecycle Manager, IBM Db2, and WebSphere Liberty, and all your data is lost. Take a backup before uninstalling.

Uninstalling IBM Security Guardium Key Lifecycle Manager with the fix pack by using the graphical user interface

 

Uninstalling IBM Security Guardium Key Lifecycle Manager with the fix pack silently

Back to top

Installing the fix pack on IBM Security Guardium Key Lifecycle Manager container

During installation you can provide encrypted string as environment variable for passwords by using the following command:

echo "Ch@ngemypa55word" | openssl rsautl -encrypt -inkey sklm_public -pubin | base64 -w 0

Where, sklm_public key is available at the build location (IBM Fix Central).

Copy the output of this command as environment variable for container installation.

Depending on your platform, see the relevant section:

Installing on a Kubernetes cluster

Install IBM Security Guardium Key Lifecycle Manager container V4.1.1.7 (target).

In the Helm charts, ensure that you configure the same database and volume details that were referenced by the earlier container (source).

For more information, see Install on a Kubernetes cluster.

Installing on a Red Hat OpenShift Container Platform cluster

Install IBM Security Guardium Key Lifecycle Manager container V4.1.1.7 (target).

In the Helm charts, ensure that you configure the same database and volume details that were referenced by the earlier container (source).

For more information, see Install on a Red Hat OpenShift Container Platform cluster.

Post fix-pack installation

Back to top

Back to top

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTJE47","label":"IBM Security Guardium Key Lifecycle Manager"},"ARM Category":[{"code":"a8m0z000000cvdzAAA","label":"SKLM-\u003EINSTALL-\u003EFIXPACK"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1.1"}]

Document Information

Modified date:
02 November 2023

UID

ibm16890621

Page Feedback