Chapter 3 System Preparation182 September 2002 HPSS Installation GuideRelease 4.5, Revision 2Follow the instructions with the downloads for installation.Please observe these notes about the JSSE installation:It is recommended but not required that you download both the JSSE package and thedocumentation.The JSSE zip file may be unpacked anywhere desired. It is recommended that it be unpackeddirectly under the ${JAVA_ROOT} directory to make it easier to find.The JSSE installation instructions say the libraries may be installed as an "installed extension"or bundled with the application. The hpssadm utility and SSM Data Server expect JSSE to bean installed extension, so that the libraries are stored in${JAVA_HOME}/lib/extThe JSSE installation instructions explain two ways to register the provider. Use the staticregistration, which is also explained in Section 3.8.3.1: Installing the Security Provider on page183.3.8.2.2 OS Patch LevelsPlease check the recommended operating system patch sets listed by the web sites listed above(Section 3.8.2.1: Obtaining the Software on page 181). Remember that the recommended patch setsare subject to change at any time by Sun or IBM. HPSS was tested with Java 1.3.0 under AIX 5.1Maintenance Level 2, and under Solaris 5.8 with Recommended Patch Cluster 73001.3.8.2.3 Setting the Password for the Certificate Trusted StoreA trusted store of X.509 certificates is delivered with the JDK, even if you don’t install the JSSE. Thisfile contains several root level certificates from Verisign and other companies. This file is shippedwith an initial password of "changeit". You should change this password when you install the JDKon each host where the hpssadm utility will execute. The default file shipped with the JDK is"cacerts". If someone else has installed the JDK on your system, they may already have set thispassword or renamed or removed this file. The JSSE software will look first for the file "jssecacerts"as its default trusted store and then for "cacerts", so if someone else has installed the software onyour system, they may have added the jssecacerts file. No trusted store file should be left with thedefault password.To change the default password on the delivered file:1. cd to the directory holding the trusted store. This should be$JAVA_HOME/lib/security/2. Find the trusted store file(s), cacerts and/or jssecacerts.3. Check the password by listing the file; in this example, we are checking the cacerts file; dothis for each trusted store file, substituting the correct file name for the "-keystore" option:$JAVA_HOME/bin/keytool -keystore cacerts -list
