Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

GSKit > GSKit - Pg. 75

PDMgr PDAcld PDProxy PDAuthADK Access Manager Base Components PDRTE Tivoli Security Utilities LDAP Client GSKit Operating System PD lic Common Softare Figure 3-1 Access Manager basic system and common software The figure also shows all Access Manager components that are part of the base system. The rest of this section provides an installation overview of those components. 3.2.1 GSKit The bottom layer of any Access Manager installation is GSKit, which provides a set of tools for SSL communication between Access Manager components. GSKit provides a C API command line tool gsk7ikm (and a Java API equivalent ikeyman) that helps you set up and maintain a basic PKI environment. This tool can create a new certificate database (it supports all types of standard certificate databases), open an existing certificate database, create self-signed certificates, submit certificate requests to another CA, revoke a certificate, and create a certificate revocation list (CRL) list. In addition to providing SSL communication between Access Manager components, very often GSKit is utilized in the WebSEAL configuration for setting up HTTPS communication between WebSEAL and clients, for example, between WebSEAL and back-end servers (this communication is realized through an SSL-junction). More details are presented in Chapter 4, "Configuration and customization" on page 91. Once installation of the GSKit package is complete, no configuration of the GSKit is necessary. Chapter 3. Installation 75