Howto Update a Linux Access Gateway Service host with the latest OpenSSL builds

  • 7017580
  • 06-May-2016
  • 10-Jun-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Gateway Service on Linux (SLES or RHEL)

Situation

The OpenSSL open source project team regularly releases updates to known OpenSSL vulnerabilities (https://www.openssl.org/news/openssl-1.0.1-notes.html). The Access Gateway component of Access Manager uses this library for cryptographic functions. It is recommended that all the Access Gateways be updated with this latest OpenSSL patch.

To update the OpenSSL libraries on Access Gateway Services running on SLES or RHEL, follow the instructions below.

Resolution

For those administrators running the Access Gateway Service (AGS) on Linux (RHEL and SLES), the following procedure will need to be followed:

a) create the following script file on the AGS eg. openssl-update.sh

#!/bin/bash#!/bin/bash
USER_NAME=$1
PASSWORD=$2
RPM_NAME=$3
if [ -z $USER_NAME -o -z $PASSWORD -o -z RPM_NAME]
then
    echo "Empty user name or password or rpm name , usage is ./upgradeOpenSSL.sh username password rpmname "
    exit 0;
fi
export INST_LOG_DIR="/tmp/novell_access_manager"
export OPENSSL_UPGRADE_LOG="${INST_LOG_DIR}/upgrade_openssl_`date +"%F_%T"`.log"
if [ ! -d /opt/novell/nam/mag ]
then
    echo "The rpm $RPM_NAME is not applicable on this system."
    exit 0;
fi
if rpm -q $RPM_NAME > /dev/null
then
    echo "The rpm $RPM_NAME is already installed, nothing to upgrade."
    exit 0;
fi
echo "Downloading the rpm $RPM_NAME ......"
wget -q --no-check-certificate --http-user=$USER_NAME --http-password=$PASSWORD 'https://nu.novell.com/repo/%24RCE/NAM42-APP-Updates/sle-11-x86_64/rpm/x86_64/'$RPM_NAME.x86_64.rpm > $OPENSSL_UPGRADE_LOG 2>&1

if [ ! -L "/usr/bin/sh" ]
then
    ln -s /bin/bash /usr/bin/sh
fi  
rpm -Uvh $RPM_NAME.x86_64.rpm >> $OPENSSL_UPGRADE_LOG 2>&1
if [ "$?" == 0 ]
then
    echo "Upgraded $RPM_NAME."
else
    echo "Upgrade of $RPM_NAME failed."
fi
rm -rf $RPM_NAME*


b) run 'bash openssl-update.sh username password novell-nacm-apache-extra-4.0.8-1.0.1t' to download the 1.0.1t version of OpenSSL for example (change depending on version available)

where username and password are the mirror credentials for the Novell Customer Care Portal the product was registered with.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.