Chapter 3 System Preparation
182 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
Follow the instructions with the downloads for installation.
Please observe these notes about the JSSE installation:
It is recommended but not required that you download both the JSSE package and the
documentation.
The JSSE zip file may be unpacked anywhere desired. It is recommended that it be unpacked
directly under the${JAVA_ROOT} directory to make it easier to find.
The JSSE installation instructions say the libraries may be installed as an "installed extension"
or bundled with the application. Thehpssadm utility and SSM Data Server expect JSSE to be
an installed extension, so that the libraries are stored in
${JAVA_HOME}/lib/ext
The JSSE installation instructions explain two ways to register the provider. Use the static
registration, which is also explained in Section 3.8.3.1:Installing the Security Provider on page
183.
3.8.2.2 OS Patch Levels
Please check the recommended operating system patch sets listed by the web sites listed above
(Section 3.8.2.1:Obtaining the Software on page 181). Remember that the recommended patch sets
are subject to change at any time by Sun or IBM. HPSS was tested with Java 1.3.0 under AIX 5.1
Maintenance Level 2, and under Solaris 5.8 with Recommended Patch Cluster 73001.
3.8.2.3 Setting the Password for the Certificate Trusted Store
Atrusted store of X.509 certificates is delivered with the JDK, even if you don’t install the JSSE. This
file contains several root level certificates from Verisign and other companies. This file is shipped
withan initial password of "changeit". You should change this password when you install the JDK
on each host where thehpssadm utility will execute. The default file shipped with the JDK is
"cacerts". If someone else has installed the JDK on your system, they may already have set this
passwordor renamed or removed this file. The JSSE software will look first for the file "jssecacerts"
as its default trusted store and then for "cacerts", so if someone else has installed the software on
yoursystem, they may have added the jssecacerts file. No trusted store file should be left with the
default password.
To change the default password on the delivered file:
1. cd to the directory holding the trusted store. This should be
$JAVA_HOME/lib/security/
2. Find the trusted store file(s),cacerts and/or jssecacerts.
3. Checkthe password by listing the file; in this example, we are checking the cacerts file; do
thisfor each trusted store file, substituting the correct file name for the "-keystore" option:
$JAVA_HOME/bin/keytool -keystore cacerts -list