2.2. Prerequisites

2.2. Prerequisites

This section covers required information such as the supported platforms, the packages installed, and dependencies and programs.

2.2.1. Supported Platforms

Certificate System server packages are available for the following platforms:

  • Red Hat Enterprise Linux AS 4 (Intel 32-bit)

  • Red Hat Enterprise Linux AS 4 (Intel 64-bit)

  • Red Hat Enterprise Linux ES 4 (Intel 32-bit)

  • Red Hat Enterprise Linux ES 4 (Intel 64-bit)

  • Solaris 9 (Sparc 64-bit)

Certificate System Enterprise Security Client packages are available for the following platforms:

  • Apple Macintosh OS X 10.4.x (Tiger) (Power PC 32-bit, Intel Mac)

  • Microsoft Windows XP Professional (Intel 32-bit)

  • Red Hat Enterprise Linux AS 4 (Intel 32-bit)

  • Red Hat Enterprise Linux AS 4 (Intel 64-bit)

  • Red Hat Enterprise Linux ES 4 (Intel 32-bit)

  • Red Hat Enterprise Linux ES 4 (Intel 64-bit)

The services pages for the subsystems require a web browser that supports SSL. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. End-entities should use Mozilla Firefox or Microsoft Internet Explorer.

NOTE

The only browser that is fully-supported for the HTML-based instance configuration wizard is Mozilla Firefox.

2.2.2. Required Programs and Dependencies

The following must be installed before installing the Certificate System:

  • Java™ 1.5.0 Java Runtime Environment (JRE). Certificate System does not support earlier versions of the JRE. This JRE is required for running Tomcat, among other applications for the Certificate System.

    • On 32-bit Red Hat Enterprise Linux 4 platforms, Certificate System 7.3 requires the 32-bit version of the IBM JRE 1.5.0. A pre-packaged binary distribution of this package, the java-1.5.0-ibm rpm package, is available through either the Red Hat Enterprise Linux AS (v. 4 for x86) Extras Red Hat Network channel or the Red Hat Enterprise Linux ES (v. 4 for x86) Extras Red Hat Network channel.

      A similar package is available for 64-bit Red Hat Enterprise Linux 4 platforms. This package is available through either the Red Hat Enterprise Linux AS (v. 4 for AMD64/EM64T) Extras Red Hat Network channel or the Red Hat Enterprise Linux ES (v. 4 for AMD64/EM64T) Extras Red Hat Network channel.

      As root, run /usr/sbin/alternatives --config java to insure that the IBM Java™ 1.5.0 JRE is selected.

      Warning

      Both the 32-bit xSeries (Intel-compatible) and 64-bit AMD/Opteron/EM64T versions of the IBM J2SE JRE 5.0 RPM packages available through the IBM download site are packaged in a format which is incompatible with Certificate System 7.3.

    • For 64-bit Solaris 9 (SPARC) platforms, the user must download and install the latest version of the 64-bit Sun J2SE Java™ Runtime Environment 5.0 (Update 9) available from the Sun download site, http://java.sun.com/javase/downloads/index.jsp.

      IMPORTANT

      The 64-bit Solaris version of the Certificate System requires the user to install the 32-bit version of the JRE as well as installing the 64-bit version. The 32-bit version is used for the applet and Java™ Web Start support. Read http://java.sun.com/j2se/1.5.0/README.html, http://java.sun.com/j2se/1.5.0/ReleaseNotes.html, and http://java.sun.com/j2se/1.5.0/jre/install-solaris-64.html before installing the Certificate System.

      Under the section Java Runtime Environment (JRE) 5.0 Update 9, Sun only makes this JRE available through a self-extracting file which is incompatible with Certificate System since this format does not use the native Solaris packaging utility database.

      It is possible to obtain the Sun 5.0 JRE in a compatible format. Click Download under the JDK 5.0 Update 9 section, and, under Solaris SPARC Platform - J2SETM Development Kit 5.0 Update 9, select Solaris SPARC 32-bit packages - tar.Z (jdk-1_5_0_09-solaris-sparc.tar.Z) and Solaris SPARC 64-bit packages - tar.Z (use 32-bit version for applet and Java Web Start support) (jdk-1_5_0_09-solaris-sparcv9.tar.Z).

      After downloading these two files, uncompress them using the gunzip utility, and extract the contents using the tar utility.

      The contents of the 32-bit file, jdk-1_5_0_09-solaris-sparc.tar.Z, are COPYRIGHT, LICENSE, README.html, SUNWj5cfg, SUNWj5dev, SUNWj5dmo, SUNWj5jmp, SUNWj5man, and SUNWj5rt.

      The contents of the 64-bit file, jdk-1_5_0_09-solaris-sparcv9.tar.Z, are SUNWj5dmx, SUNWj5dvx, and SUNWj5rtx.

      Since only the JRE is needed on Solaris 9 systems, use the pkgadd utility to add the 32-bit package, SUNWj5rt, first, and then add the 64-bit package, SUNWj5rtx.

  • Java™ Development Kit (JDK). A JDK must be present on Red Hat Enterprise Linux systems. See http://kbase.redhat.com/faq/FAQ_54_4667.shtm for more information. While almost any JDK is sufficient, installing one of these JDKs is recommended:

    • For 32-bit Red Hat Enterprise Linux 4 platforms, a pre-packaged binary distribution of the 32-bit version of the IBM JDK 1.5.0, the java-1.5.0-ibm-devel rpm package, is available through either the Red Hat Enterprise Linux AS (v. 4 for x86) Extras Red Hat Network channel or the Red Hat Enterprise Linux ES (v. 4 for x86) Extras Red Hat Network channel.

    • A similar package is available for 64-bit Red Hat Enterprise Linux 4 platforms. This package is available through either the Red Hat Enterprise Linux AS (v. 4 for AMD64/EM64T) Extras Red Hat Network channel or the Red Hat Enterprise Linux ES (v. 4 for AMD64/EM64T) Extras Red Hat Network channel.

    After installing the JDK, run /usr/sbin/alternatives --config javac as root to insure that a JDK is available.

    Solaris 9 systems do not require downloading and installing a JDK; however, it may be required to download and install the Sun JDK 5.0 package in order to obtain a compatible Sun JRE 5.0 package.

  • Apache. Before installing any Certificate System TPS subsystems on Red Hat Enterprise Linux, there should be a local installation of Apache. When installing the TPS subsystem on Solaris 9, a specially-configured Apache server is included as part of the Certificate System 7.3 packages.

  • Red Hat Directory Server. Before a Certificate System can be installed, there must be an installed Directory Server available because the Certificate System uses the Directory Server user database to store its certificate information.

  • The Solaris version of Certificate System was tested on Sun Solaris 9 with patch level 118558-28.

  • The following package groups and packages must be installed on all Red Hat Enterprise Linux systems:

    • dialup (package group)

    • gnome-desktop (package group)

    • compat-arch-support (package group)

    • web-server (package group)

    • kernel-smp (package)

    • e2fsprogs (package)

    • firefox (package)

  • On 64-bit Red Hat Enterprise Linux platforms, be certain that the 64-bit (x86_64) compat-libstdc++ libraries are installed, and not only the 32-bit (i386) libraries. To confirm this, run the following as root: 

    rpm -qa --queryformat 'compat-libstdc++-%{VERSION}-%{RELEASE}.%{ARCH}.rpm\n' | grep x86_64

    Numerous libraries should be displayed.

2.2.3. Packages Installed

Multiple packages are installed with the Certificate System, in addition to the core Certificate System components.

2.2.3.1. Red Hat Enterprise Linux RPMs

RPMs have the format package_name-version_number-release_number-architecture.rpm; only the package name is shown in the tables.

RPMs for Certificate System subsystems and components
osutil rhpki-kra rhpki-tks
pkisetup rhpki-manage rhpki-tps
rhpki-ca rhpki-migrate rhpki-util
rhpki-common rhpki-native-tools symkey
rhpki-console rhpki-ocsp tomcatjss
rhpki-java-tools    
Table 2.1. 

RPMs for the Enterprise Security Client
ccid pcsc-lite
coolkey pcsc-lite-doc
esc pcsc-lite-libs
ifd-egate  
Table 2.2. 

RPMs for Tomcat Web Services
ant jakarta-commons-discovery oro
avalon-framework jakarta-commons-el regexp
avalon-logkit jakarta-commons-fileupload rhino
axis jakarta-commons-httpclient3 tomcat5
bcel jakarta-commons-launcher tomcat5-jasper
classpathx-jaf jakarta-commons-logging tomcat5-servlet-2.4-api
classpathx-mail jakarta-commons-modeler velocity
eclipse-ecj jakarta-commons-pool werken.xpath
geronimo-specs jdom wsdl4j
gnu-crypto-sasl-jdk1.4 jms xalan-j2
jakarta-commons-beanutils jpackage-utils xerces-j2
jakarta-commons-collections ldapjdk xml-commons
jakarta-commons-daemon log4j xml-commons-apis
jakarta-commons-dbcp mx4j xml-commons-resolver
jakarta-commons-digester oldjdom xmlbeans
Table 2.3. 

RPMs for Fortitude Web Services
fortitude-web
mod_nss
mod_revocator
Table 2.4. 

RPMs for Apache Web Services
pdksh perl-XML-NamespaceSupport
perl-HTML-Parser perl-XML-Parser
perl-HTML-Tagset perl-XML-SAX
perl-Parse-RecDescent perl-XML-Simple
perl-URI perl-libwww-perl
Table 2.5. 

RPMs for LDAP Support
mozldap
mozldap-tools
Table 2.6. 

RPMs for Network Security Services (NSS)
dirsec-jss
dirsec-nspr
dirsec-nss
dirsec-nss-tools
Table 2.7. 

RPMs for Java
java-1.5.0-ibm
java-1.5.0-ibm-devel
Table 2.8. 

2.2.3.2. Solaris Packages

Solaris packages have the format VENDORpackage_name-version_number-release_number-architecture.pkg; only the package name is shown in the tables.

NOTE

Package names for 64-bit Sparc 9 packages always have an x at the end of the primary package name. For example, the 64-bit package for the CA subsystem is named RHATrhpki-cax-7.3.0-3.noarch.pkg, with a vendor prefix of RHAT, and an x at the end of the primary package name, rhpki-ca. Since some packages contain subpackages, the x is appended to the end of the primary package name, not the end of the secondary subpackage name. For example, the 64-bit packages for dirsec-nss include RHATdirsec-nssx-3.11.3-1.sparcv9.pkg and RHATdirsec-nssx-tools-3.11.3-1.sparcv9.pkg.

Packages for Certificate System
RHATosutilx RHATrhpki-krax RHATrhpki-tksx
RHATpkisetupx RHATrhpki-managex RHATrhpki-tpsx
RHATrhpki-cax RHATrhpki-migratex RHATrhpki-utilx
RHATrhpki-commonx RHATrhpki-native-toolsx RHATsymkeyx
RHATrhpki-consolex RHATrhpki-ocspx RHATtomcatjssx
RHATrhpki-java-toolsx    
Table 2.9. 

Packages for Tomcat Web Services
RHATantx RHATjakarta-commons-elx RHATregexpx
RHATavalon-frameworkx RHATjakarta-commons-fileuploadx RHATrhinox
RHATavalon-logkitx RHATjakarta-commons-httpclient3x RHATtomcat5-jasperx
RHATaxisx RHATjakarta-commons-launcherx RHATtomcat5-servlet-2-4-apix
RHATbcelx RHATjakarta-commons-loggingx RHATtomcat5x
RHATclasspathx-jafx RHATjakarta-commons-modelerx RHATvelocityx
RHATclasspathx-mailx RHATjakarta-commons-poolx RHATwerken-xpathx
RHATgeronimo-specsx RHATjdomx RHATwsdl4jx
RHATgnu-crypto-sasl-jdk1-4x RHATjmsx RHATxalan-j2x
RHATjakarta-commons-beanutilsx RHATjpackage-utilsx RHATxerces-j2x
RHATjakarta-commons-collectionsx RHATldapjdkx RHATxml-commons-apisx
RHATjakarta-commons-daemonx RHATlog4jx RHATxml-commons-resolverx
RHATjakarta-commons-dbcpx RHATmx4jx RHATxml-commonsx
RHATjakarta-commons-digesterx RHAToldjdomx RHATxmlbeansx
RHATjakarta-commons-discoveryx RHATorox  
Table 2.10. 

Packages for Fortitude Web Services
RHATfortitude-webx
RHATmod-nssx
RHATmod-revocatorx
Table 2.11. 

Packages for Apache Web Services
RHATapr-utilx RHATmod-perlx RHATperl-XML-Parserx
RHATaprx RHATpcrex RHATperl-XML-SAXx
RHATdb4x RHATperl-HTML-Parserx RHATperl-XML-Simplex
RHATdb4x-utils RHATperl-HTML-Tagsetx RHATperl-libwww-perlx
RHATexpatx RHATperl-Parse-RecDescentx RHATperlx
RHAThttpdx RHATperl-URIx  
RHAThttpdx-manual RHATperl-XML-NamespaceSupportx  
Table 2.12. 

Packages for LDAP Support
RHATmozldapx
RHATmozldapx-tools
Table 2.13. 

Packages for Network Security Services (NSS)
RHATdirsec-jssx
RHATdirsec-nsprx
RHATdirsec-nssx
RHATdirsec-nssx-tools
Table 2.14. 

Packages for Java
SUNWj5rt (32-bit JRE)
SUNWj5rtx (64-bit JRE)
Table 2.15.