Show Contents / Index / Search

Changing the JVM

PKI Services Manager uses Java technology to support running on multiple platforms. PKI Services Manager installs its own Java Virtual Machine (JVM) and uses this installed JVM by default. It is also possible to configure PKI Services Manager to use a different JVM.

Note: If you upgrade your JVM (whether manually or automatically) it is installed to a new directory, so you'll need to repeat the following procedures to copy the unlimited strength policy files to the new directory and update the pointers to the new directory.

Apply the Unlimited Strength Jurisdiction Policy Files to your JVM

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle. Uncompress and extract the downloaded file.

    Note: If you prefer not to download the Unlimited Strength Jurisdiction Policy files from Oracle, you can use the ones located in the default PKI Services Manager JVM, typically in /opt/attachmate/pkid/_java/lib/security.

  2. Locate the following two policy files.

    local_policy.jar

    US_export_policy.jar

  3. Replace the existing limited strength policy files (located in <java-home>\lib\security on Windows or <java-home>/lib/security on Unix) with the unlimited strength versions you extracted in the previous step.

To change the JVM on Windows

Note: If you upgrade PKI Services Manager, you do not need to repeat this procedure. The edited registry setting remains after an uninstall.

  1. Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).

    HKEY_LOCAL_MACHINE\SOFTWARE\Attachmate\ReflectionPKI

    (On 64-bit systems, use HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI.)

  2. Create a new string value named JvmPath and set the value to point to the full path where jvm.dll is located (<java-home>\bin\client).
  3. (Optional) You can create and edit a value called JvmParams for supplying any additional parameters or arguments. Use this feature if you are also configuring connections via a SOCKS proxy.

Note: The path to the JVM can also be set using the environment variable PKID_JVM_PATH on Windows systems. If the path is specified in both the registry and using the environment variable, the environment variable takes precedence.

To change the JVM on UNIX

To configure a JVM on UNIX you need to modify the PKID_JVM_PATH keyword in /etc/pkid.conf to point to the JVM shared library (either libjvm.so or libjvm.sl depending on your UNIX operating system), as described in the following procedure.

Note: If you upgrade PKI Services Manager you'll need to run uninstall.sh with the upgrade option in order to preserve your modified path setting, as described below.

  1. Log in as root.
  2. Add write permissions to /etc/pkid.conf:

    chmod u+w /etc/pkid.conf

  3. Open /etc/pkid.conf in a text editor.

    Set the value of PKID_JVM_PATH to point to the JVM shared library. For example, on Linux:

    PKID_JVM_PATH=/usr/java/default/jre/lib/amd64/server/libjvm.so

  4. Save the modified script.
  5. Remove write permissions from /etc/pkid.conf.

    chmod u-w /etc/pkid.conf

  6. Restart PKI Services Manager:

    pkid restart

 

To configure a separate JVM to be used only by PKI Services Manager

On some Unix systems, if you already have a JVM on your system that you use for other purposes, you can configure a separate JVM private to PKI Services Manager. The following procedure describes how to do this on Linux systems:

  1. Download the non-RPM version of the JVM.
  2. Extract the JVM package.
  3. Move the extracted JVM directory to a directory of your choice in the PKI Services Manager data directory (typically /opt/attachmate/pkid). For example:

    mv /extracted_jvm /opt/attachmate/pkid/jre_latest

  4. Apply the Unlimited Strength Jurisdiction Policy Files to this JVM.
  5. Edit /etc/pkid.conf to configure PKI Services Manager to use this JVM, as described in the preceding procedure.

To preserve your modified JVM setting when upgrading on UNIX systems

This procedure creates a backup file that includes your modified path to the JVM (along with other location settings you specified when you installed PKI Services Manager). When you install the upgrade, the installer locates this backup and asks if you want to preserve your settings.

To uninstall the old version

  1. Log in as root.
  2. Run uninstall.sh using the upgrade option. (By default, this script is installed to /opt/attachmate/pkid/bin/.) For example:

    /opt/attachmate/pkid/bin/uninstall.sh -–upgrade

    Note: The upgrade option creates a backup of your current location settings (including your modified JVM path). It does not change the default uninstall behavior for backing up the configuration directory, as described in Upgrading From Earlier Versions.

To install the newer version

  1. Log in as root.
  2. Run the install script:

    ./install.sh

  3. If you uninstalled using the upgrade option, you will see a message like the following:

    Found location settings from prior installation:
    pkidHome = /opt/attachmate/pkid
    pkidJvmPath = /opt/attachmate/pkid/jre_latest
    systemBin = /usr/local/bin
    systemSbin = /usr/local/sbin
    Use locations from prior installation (y/n):

  4. Enter y to preserve your settings.