The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
► Verify that CP Assist <strong>for</strong> Cryptographic Function (CPACF) operations are supported:<br />
# icainfo<br />
<strong>The</strong> following CP Assist <strong>for</strong> Cryptographic Function (CPACF) operations are<br />
supported by libica on this system:<br />
SHA-1: yes<br />
SHA-256: yes<br />
SHA-512: yes<br />
DES: yes<br />
TDES-128: yes<br />
TDES-192: yes<br />
AES-128: yes<br />
AES-192: yes<br />
AES-256: yes<br />
PRNG: yes<br />
► Make a backup of the SSL configuration file, /etc/ssl/openssl.cnf:<br />
# cd /etc/pki/tls<br />
# cp openssl.cnf openssl.cnf.orig<br />
► Append the sample SSL configuration file under /usr/share/doc/openssl-ibmca-1.1/ to<br />
the actual SSL configuration file, /etc/openssl.cnf:<br />
# cat /usr/share/doc/openssl-ibmca-1.1/openssl.cnf.sample-s390x >> openssl.cnf<br />
► Edit the appended file and search <strong>for</strong> the line with the openssl_conf variable. Move that<br />
line from the bottom to the top and save the file, as shown in the following example:<br />
# vi openssl.cnf<br />
/openssl_conf<br />
#<br />
# OpenSSL example configuration file.<br />
# This is mostly being used <strong>for</strong> generation of certificate requests.<br />
#<br />
# This definition stops the following lines choking if HOME isn't<br />
# defined.<br />
HOME = .<br />
RANDFILE = $ENV::HOME/.rnd<br />
openssl_conf = openssl_def<br />
...<br />
► Without a symlink we got the error:<br />
# time scp -c 3des-cbc /tmp/testdata.txt localhost:/dev/null<br />
Auto configuration failed<br />
2199031767552:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared<br />
library:dso_dlfcn.c:185:filename(/usr/lib64/libibmca.so): /usr/lib64/libibmca.so: cannot<br />
open shared object file: No such file or directory<br />
2199031767552:error:25070067:DSO support routines:DSO_load:could not load the shared<br />
library:dso_lib.c:244:<br />
2199031767552:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:<br />
2199031767552:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration<br />
error:eng_cnf.c:204:section=ibmca_section, name=dynamic_path,<br />
value=/usr/lib64/libibmca.so<br />
2199031767552:error:0E07606D:configuration file routines:MODULE_RUN:module<br />
initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1<br />
lost connection<br />
► Make a symbolic link to the file /usr/lib64/openssl/engines/libibmca.so:<br />
# cd /usr/lib64<br />
# ln -s openssl/engines/libibmca.so<br />
# ls -l libibmca.so<br />
lrwxrwxrwx. 1 root root 27 Oct 20 16:47 libibmca.so -> openssl/engines/libibmca.so<br />
Chapter 13. Miscellaneous recipes 215