8.Save the
#swinstall
If WLI is installed correctly on the system, the swverify command includes the following text in the reported data:
Verification succeededWLI relies on the OpenSSL product for RSA key generation, but the OpenSSL product is not required for installation. The latest version of OpenSSL is recommended, but any version installable on
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
OpenSSL installs by default with every
4.3Removing WLI
The administrator should consider creating a backup of policy protected files, signed binaries, and metadata files. If reinstallation is planned, keys used for generating policies and signatures are recognized by WLI if the keys are authorized following reinstallation.
WLI does not track access policies assigned to files and signatures generated on binaries. File and signature metadata becomes transparent once the kernel is rebuilt without the WLI component. WLI metadata does not impact file access or command execution once WLI is removed.
The presence of old metadata can inhibit new policy and signature generation if WLI is reinstalled. If reinstallation is planned, HP recommends backup and removal of all known signatures and policies.
To remove WLI, use the following procedure:1.Retrieve the security attributes for WLI:%wlisyspolicy2.Skip this step if protection mode is maintenance. To set protection mode to maintenance:
%wlisyspolicy<admin_private_key> is a WLI administrator private key. A prompt appears for the key passphrase.
3.If allow security downgrade is deferred, a reboot is required for protection mode to switch to maintenance. Following reboot of the system, verify that protection mode is maintenance:
% wlisyspolicy22 Installing, removing, and upgrading