
	Corporate Info \| News \| Solutions \| Products \| Partners \| Services \| Events \| Download \| How To Buy
	e-docs.beasys.com \| Site Map \| Search \| PDF Files \| Contact \| Glossary

WLE Doc Home \| BEA WebLogic Enterprise Installation Guide \| Previous \| Next \| Contents \| Index

WLE Security Service Installation on UNIX Systems

This chapter explains how to install the optional BEA WebLogic Enterprise (WLE) Security Service software on the supported UNIX systems. The following topics are discussed:

For information about installing WLE Security Service software on an NT, Windows 98, or Windows 95 system, see WLE Security Service Installation on Windows NT, 98, and 95 Systems.

The WLE Security Service software is packaged on a CD that is separate from the WLE product box. A WLE Security Service CD is distributed only if you purchased this software. This software provides 56-bit or 128-bit Secure Sockets Layer (SSL) and Link Level Encryption (LLE) features for WLE applications. Each level of encryption is packaged on a separate CD.

The installation screens are similar for both levels of security. In this chapter, the sample screens are from a WLE Security Service 56-bit installation on a Solaris 2.6 system.

Before You Install

This section describes the following topics:

Confirming That the WLE 5.0 Software Has Been Installed

Before you can install the WLE Security Service 5.0 software, you must first install at least one WLE 5.0 server component, or one of the following WLE 5.0 client component options:

All WLE client components (recommended)
BEA C++ client
BEA TUXEDO /WS client

Environment Variables

The environment variables discussed in the section Setting Up Your Environment on UNIX Systems must be set prior to installing the WLE Security Service software. The TUXDIR and dynamic shared library path variables are critical to the success of this Security Service installation, because the SSL plug-in registration step depends on these variables.

LDAP Information Required During the Installation

During the 56-bit or 128-bit Security Service installation, the procedure will prompt you for the required LDAP server information shown in the following list.

If you do not know the appropriate LDAP values for the prompts, contact the person in your organization or company who is responsible for defining the LDAP server tree. At most companies, this person is the Security Administrator or Directory Services Administrator.

Note: After the installation, it is not possible to modify a file to adjust these values. The only way to change these values is to re-install the product. Therefore, it is important that you understand the appropriate values for the requested information before you start the installation.

The hostname of the LDAP server computer system.
The port on the LDAP server computer system that is listening for requests.
An appropriate base object in the LDAP server tree. The base object is the point in the LDAP tree at which you want users to start searching for certificates. By defining a specific location in the LDAP tree, you can narrow the scope of the search for certificates on the relevant portion of the LDAP server tree, and avoid longer-than-necessary searches through irrelevant portions of the LDAP server tree.
Note: These LDAP prompts are not presented if the target system only has the TUXEDO server or client software installed (from WLE 5.0). In this case, only the WLE Security Service's Link-Level Encryption (LLE) components are installed on the target system. During the WLE Security Service installation procedure, the Secure Sockets Layer (SSL) components are not installed on this type of target system.

Before Re-installation, Back Up LDAP Files

If you are re-installing the 56-bit or 128-bit WLE Security Service software on a system, the installation procedure will overwrite the LDAP filter file if you selected its default name and location. By default, the LDAP filter file is installed in $TUXDIR/udataobj/security/bea_ldap_filter.dat , where TUXDIR is the directory in which you installed the WLE software. The filter file is used to define search filters that can further refine the scope of searches in the LDAP server tree.

On re-installation, the Security Service installation procedure will also overwrite the LDAP peer validation rule file, $TUXDIR/udataobj/security/peer_val.rul .

Before you re-install the Security Service software, temporarily rename these files if you do not want the installation procedure to overwrite them. After the installation procedure, rename the files back to their original names and locations.

Stopping WLE or BEA TUXEDO Applications and Related Services

Before beginning the installation, ensure that no BEA TUXEDO or WLE client or server applications are running. For information about the tmshutdown command, see Starting and Shutting Down Applications in the Administration section of the WebLogic Enterprise online documentation.

Checking That Your Account Has Administrator Privileges

On most systems, you need superuser privileges to mount the software CD. The account that you log on to to perform the installation must have administrative privileges.

Platforms Supported

The platforms listed in Table 5-1 are supported.

Table 5-1 Supported Platforms

Vendor

Operating System

Release/Version

HP

HP-UX

11.00 32-bit plus patches B.11.00.B0315

Sun

Solaris

2.6 and 7.0 (UltraSPARC)

For the hardware and software requirements for these operating systems, see WLE Platform Data Sheets.

Installing WLE Security Service on UNIX Systems

This section describes how to install the 56-bit or 128-bit WLE Security Service software on the supported UNIX systems. The sample screens show the installation of the 56-bit software on a Solaris 2.6 system.

UNIX Installation Procedure

It takes approximately 10 minutes to install the software.

To install the WLE Security Service software on a UNIX operating system, perform the following steps:

Log on to the system with administrative privileges.
Insert the WLE Security Service CD into the reader.
Mount the CD as a file system. For platform-specific instructions on how to do this, see WLE Platform Data Sheets. On most systems you need superuser privileges to perform the mount. Note: If your system does not have a directly connected CD reader, you can mount the CD on a remote system, share (export) the CD file system, and then mount the remote file system. For detailed instructions for each platform, see WLE Platform Data Sheets. Alternatively, you can mount the CD on a remote system, copy the contents of the CD directory for your platform to the system in which you plan to install the WLE software, and continue with the remainder of the installation procedure.
Use the cd command to change your working directory to the root of the WLE Security Service software CD.
Run the ls command in the root directory to check the CD's contents. If all the files are in lowercase characters, begin the installation by entering:
sh install.sh .
If all the files are in uppercase characters, begin the installation by entering:
sh INSTALL.SH
Depending on the system upon which you are installing the software, one of the following platform-specific entries is displayed:
1) HP-UX v11.0

2) Sun Solaris v2.6

3) Sun Solaris 7

Install which platform's files? [01- 03, q to quit, l for list]:

Enter 1 to install the Security Service on an HP-UX system; or enter 2 to install the Security Service on a Solaris 2.6 system; or enter 3 to install the Security Service on a Solaris 7.0 system.
The remaining prompts in this chapter show a sample Security Service application on a Solaris 2.6 system. For example, a confirmation prompt is displayed:
** You have chosen to install software for **

BEA WebLogic Enterprise Release 5.0

This directory contains the BEA WLE Installation Software for
Sun Solaris v2.6 on Sun SPARC.

Is this correct? [y,n,q]:

Enter y to proceed; or enter n to redisplay the platform menu; or enter q to quit the installation.
If you entered y, a component menu is displayed:
To terminate the installation at any time
press the interrupt key,
typically <del>, <break>, or <ctrl+c>.

The following components are available:

1 security BEA Security Service 56

Select the one you wish to install [?,??,q]:

Enter the number 1 to select the Security Service; or enter a single question mark (? ) to display a brief help message; or enter two question marks (?? ) to redisplay the menu; or enter q to quit the installation.
If you entered the number 1 or pressed the Enter key, a packages menu is displayed:
The following packages are available:

1 sec56 BEA Security Service 56 For WLE

Select the package(s) you wish to install (or 'all' to install
all packages) (default: all) [?,??,q]:

Enter the number 1 or the word all to install the Security Service for WLE; or enter a single question mark (? ) to display a brief help message; or enter two question marks (?? ) to redisplay the menu; or enter q to quit the installation.
If you entered the number 1 or the word all , the following messages are displayed:
BEA Security Service 56 For WLE
(sparc) Release 5.0
Copyright (c) 1999 BEA Systems, Inc.
All Rights Reserved.
BEA and WebLogic are trademarks of BEA Systems, Inc.

SSLplus is a trademark of Certicom Corporation, 1999.
BSAFE is a trademark of RSA Data Security, Inc., 1999.

WebLogic Enterprise must be installed prior to installing the Security Service
The installation program checks for existing BEA software and prompts you for the WLE base directory:
Location of existing BEA software installation (default: /usr/local/wledir) [?,q]:

Press the Enter key if the default value shown matches the base directory location of the WLE software; or enter the correct path to the WLE base directory.
If the installation program finds the WLE software in the location specified, the installation continues. A confirmation message is displayed, and then the installation program checks for sufficient disk space. For example:
Using /usr/local/wledir as the base directory

Determining if sufficient space is available ...
5818 blocks are required
1032768 blocks are available to /usr/local/wledir
If sufficient space is found, the installation program starts moving files to the target system and displays messages.
Note: In the following displays and steps, all the SSL-related messages and prompts starting with "Unloading...SECSSL.Z" through " Registering SSL plug-in...finished" (in step 20) are not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation. In this case, the Security Service installation procedure installs the LLE software, but not the SSL software.
Moving /usr/local/wledir/lib/libgp.so.65 to /usr/local/wledir/lib/libgp.so.65.0

Moving /usr/local/wledir/lib/libgp.a to /usr/local/wledir/lib/libgp.a.0

Unloading /usr/local/wledir/spsol26/security/sec56/SEC56.Z ...
lib/libgp.so.65
lib/libgp.a
2750 blocks
... finished

Unloading /usr/local/wledir/spsol26/security/sec56/SECSSL.Z ...
lib/liborbssl.so.65
lib/libjsec.so
lib/libsecssl.so.65
lib/libwlesec.so.65
lib/libwlesys.so.65
locale/C/IJSSLN.text
locale/C/IJSSLN_CAT
udataobj/security/bea_ldap_filter.dat
udataobj/security/certs/peer_val.rul
udataobj/security/certs/revoked.crl
udataobj/security/certs/trust_ca.cer
2970 blocks
... finished
Enter information about the LDAP server. This information will be stored locally as a registered SSL certificate lookup plug-in that WLE client and server applications can use. The following prompt is displayed:
Enter fully qualified hostname for URL of the LDAP server system. [?,q]:

Enter the LDAP server's fully qualified node name and domain, such as myhost.mydomain.com.

Note: This prompt is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
Enter the port number on which the LDAP server will be listening for certificate requests:
Enter a port number for the URL of the LDAP server system. [?,q]:

For example, enter 389 if that is the correct port number. If you are not sure, check the value with the system administrator of the LDAP server.
Note: This prompt is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
The installation program displays a confirmation message:
Using 'myhost.mydomain.com:389' as the URL of the LDAP server/port

Enter a base object for searches in the LDAP server. The base object is the point in the LDAP tree at which you want users to start searching (in this case, to start searching for certificates). There are no strict rules about the syntax for this value. Enter the base object string exactly as it was specified in the LDAP server tree.
Enter a base object for search in LDAP server. [?,q]: o=mydomain.com

For example, you could enter a value such as o=mydomain.com , or a value such as o=trixie@trixieweb.com .
Note: This prompt is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
The installation program displays a confirmation message for the value you entered:
Using 'o=mydomain.com' as the base object

Note: This message is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
Enter the location for the LDAP filter file. This file is used to define search filters that can further refine the scope of searches in the LDAP server tree. For more information, see Using Security in the WebLogic Enterprise online documentation.
Location and name of LDAP filter file. (default: /usr/local/wledir/udataobj/security/bea_ldap_filter.dat) [?,q]:

The file's default location is shown. Press the Enter key to accept this default; or enter a new value and click Enter.
Note: This prompt is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
The installation program displays a confirmation message for the value you entered:
Using 'file:///usr/local/wledir/udataobj/security/bea_ldap_filter.dat' as the location and name of LDAP filter file

Note: This message is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
The installation program then completes the installation and displays confirmation messages:
Registering SSL plug-in...
... finished

Note: The Registering SSL... message is not displayed if the system only has TUXEDO server or client software from a WLE 5.0 software installation.
Changing file permissions...
... finished

Installation of BEA Security Service 56 For WLE was successful

Please don't forget to fill out and send in your registration card

Removing (Uninstalling) the WLE Security Service Software from Your System

To remove the WLE Security Service software from your UNIX system, you must:

Uninstall the WLE 5.0 software, as explained in the section Removing (Uninstalling) the WLE Software from Your System.
This also removes the WLE Security Service software, if present.
Then re-install the WLE 5.0 software.

Copyright © 1999 BEA Systems, Inc. All rights reserved.
Required browser: Netscape 4.0 or higher, or Microsoft Internet Explorer 4.0 or higher.