Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Gateway Service on Linux (SLES or RHEL)
NetIQ Access Manager 4.1
NetIQ Access Gateway Service on Linux (SLES or RHEL)
Situation
The OpenSSL open source project team regularly releases updates to known OpenSSL vulnerabilities (https://www.openssl.org/news/openssl-1.0.1-notes.html). The Access
Gateway component of Access Manager uses this library for cryptographic
functions. It is recommended that all the Access Gateways be updated
with this latest OpenSSL patch.
To update the OpenSSL libraries on Access Gateway Services running on SLES or RHEL, follow the instructions below.
To update the OpenSSL libraries on Access Gateway Services running on SLES or RHEL, follow the instructions below.
Resolution
For those administrators running the Access Gateway Service (AGS) on
Linux (RHEL and SLES), the following procedure will need to be followed:
a) create the following script file on the AGS eg. openssl-update.sh
#!/bin/bash#!/bin/bash
USER_NAME=$1
PASSWORD=$2
RPM_NAME=$3
if [ -z $USER_NAME -o -z $PASSWORD -o -z RPM_NAME]
then
echo "Empty user name or password or rpm name , usage is ./upgradeOpenSSL.sh username password rpmname "
exit 0;
fi
export INST_LOG_DIR="/tmp/novell_access_manager"
export OPENSSL_UPGRADE_LOG="${INST_LOG_DIR}/upgrade_openssl_`date +"%F_%T"`.log"
if [ ! -d /opt/novell/nam/mag ]
then
echo "The rpm $RPM_NAME is not applicable on this system."
exit 0;
fi
if rpm -q $RPM_NAME > /dev/null
then
echo "The rpm $RPM_NAME is already installed, nothing to upgrade."
exit 0;
fi
echo "Downloading the rpm $RPM_NAME ......"
wget -q --no-check-certificate --http-user=$USER_NAME --http-password=$PASSWORD 'https://nu.novell.com/repo/%24RCE/NAM42-APP-Updates/sle-11-x86_64/rpm/x86_64/'$RPM_NAME.x86_64.rpm > $OPENSSL_UPGRADE_LOG 2>&1
if [ ! -L "/usr/bin/sh" ]
then
ln -s /bin/bash /usr/bin/sh
fi
rpm -Uvh $RPM_NAME.x86_64.rpm >> $OPENSSL_UPGRADE_LOG 2>&1
if [ "$?" == 0 ]
then
echo "Upgraded $RPM_NAME."
else
echo "Upgrade of $RPM_NAME failed."
fi
rm -rf $RPM_NAME*
b) run 'bash openssl-update.sh username password novell-nacm-apache-extra-4.0.8-1.0.1t' to download the 1.0.1t version of OpenSSL for example (change depending on version available)
where username and password are the mirror credentials for the Novell Customer Care Portal the product was registered with.
a) create the following script file on the AGS eg. openssl-update.sh
#!/bin/bash#!/bin/bash
USER_NAME=$1
PASSWORD=$2
RPM_NAME=$3
if [ -z $USER_NAME -o -z $PASSWORD -o -z RPM_NAME]
then
echo "Empty user name or password or rpm name , usage is ./upgradeOpenSSL.sh username password rpmname "
exit 0;
fi
export INST_LOG_DIR="/tmp/novell_access_manager"
export OPENSSL_UPGRADE_LOG="${INST_LOG_DIR}/upgrade_openssl_`date +"%F_%T"`.log"
if [ ! -d /opt/novell/nam/mag ]
then
echo "The rpm $RPM_NAME is not applicable on this system."
exit 0;
fi
if rpm -q $RPM_NAME > /dev/null
then
echo "The rpm $RPM_NAME is already installed, nothing to upgrade."
exit 0;
fi
echo "Downloading the rpm $RPM_NAME ......"
wget -q --no-check-certificate --http-user=$USER_NAME --http-password=$PASSWORD 'https://nu.novell.com/repo/%24RCE/NAM42-APP-Updates/sle-11-x86_64/rpm/x86_64/'$RPM_NAME.x86_64.rpm > $OPENSSL_UPGRADE_LOG 2>&1
if [ ! -L "/usr/bin/sh" ]
then
ln -s /bin/bash /usr/bin/sh
fi
rpm -Uvh $RPM_NAME.x86_64.rpm >> $OPENSSL_UPGRADE_LOG 2>&1
if [ "$?" == 0 ]
then
echo "Upgraded $RPM_NAME."
else
echo "Upgrade of $RPM_NAME failed."
fi
rm -rf $RPM_NAME*
b) run 'bash openssl-update.sh username password novell-nacm-apache-extra-4.0.8-1.0.1t' to download the 1.0.1t version of OpenSSL for example (change depending on version available)
where username and password are the mirror credentials for the Novell Customer Care Portal the product was registered with.