Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Gateway Service on Windows
Situation
The OpenSSL open source project team regularly releases updates that fix
known OpenSSL vulnerabilities
(https://www.openssl.org/news/openssl-1.0.1-notes.html). The Access
Gateway component of Access Manager uses this library for cryptographic
functions. It is recommended that all Access Gateways be updated
with the latest OpenSSL patch.
To update the OpenSSL libraries on Access Gateway Services running on Windows, follow the instructions below.
Resolution
Administrators running the Access Gateway Service (AGS) on Windows need to follow this procedure:
a) Open the PowerShell command line (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe) with administrator privileges.
b) Create and save a 'patch_update.ps1' file on the Windows system with exactly the lines defined in the "Additional Information" section of this TID below.
c) Run patch_update.ps1 with three command-line arguments:
1. username
2. password
3. rpmfilename (the RPM file name, without the trailing .rpm)
The username and password are the NCC credentials with which you registered the Access Manager product, and the filename identifies the version of OpenSSL you are upgrading to. This name is typically documented in TIDs and includes the OpenSSL version in the string, e.g. for the OpenSSL 1.0.1t update, the filename is Openssl_Win_101t.
Example: patch_update.ps1 <myusername> <mypassword> <Openssl_Win_101t>
The local download location for the OpenSSL update will be C:\Program Files\Novell\apache\novell_patch.
Additional Information
The patch_update.ps1 file should contain the following:
param (
    [Parameter(Mandatory=$true)][string]$username,
    [Parameter(Mandatory=$true)][string]$password,
    [Parameter(Mandatory=$true)][string]$filename
)

# Build a credential object from the NCC username and password
$MyPassword = ConvertTo-SecureString $password -AsPlainText -Force
$MyCredentials = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $username,$MyPassword

# Allow locally created scripts to run for the current user
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Recreate the local download directory (it may not exist on the first run)
$User_Path = "C:\Program Files\Novell\apache\novell_patch"
if (Test-Path $User_Path) { Remove-Item $User_Path -Force -Recurse }
New-Item $User_Path -ItemType Directory

# Load the BITS cmdlets and list them
Import-Module BitsTransfer
Get-Command *bits* | Where-Object { $_.CommandType -eq "Cmdlet" }

# Download the update package with the NCC credentials
Start-BitsTransfer `
    -ProxyUsage AutoDetect `
    -Authentication Basic `
    -Credential $MyCredentials `
    -Source "https://nu.novell.com/repo/%24RCE/NAM42-APP-Updates/sle-11-x86_64/rpm/x86_64/$filename.rpm" `
    -Destination $User_Path

# Rename the package to .zip so the Windows shell can extract it
Rename-Item "$User_Path\$filename.rpm" "$filename.zip"

# Extract every .zip found under the download directory into that directory
$path = $User_Path
$destination = $User_Path
$shell_app = New-Object -ComObject Shell.Application
$files = Get-ChildItem -Path $path -Filter *.zip -Recurse
foreach ($file in $files) {
    $zip_file = $shell_app.NameSpace($file.FullName)
    $copyHere = $shell_app.NameSpace($destination)
    $copyHere.CopyHere($zip_file.Items())
}

# Run the update batch file from the extracted folder
cd "$User_Path\$filename"
cmd.exe /c Openssl_update.bat
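The script above takes the NCC password as a command-line argument and runs Openssl_update.bat from the downloaded package with administrator rights. The following added example (not part of the original TID or the vendor's script) shows the same download step with a credential prompt and a SHA-256 check before anything is extracted or run. It assumes you hold a reference hash for the package from a trusted channel; the -ExpectedSha256 parameter and the Get-Sha256Hex helper are hypothetical names.

```powershell
# Added example, not the vendor script: download the package, then refuse to
# continue unless its SHA-256 matches a reference value.
param (
    [Parameter(Mandatory=$true)][string]$filename,        # e.g. Openssl_Win_101t
    [Parameter(Mandatory=$true)][string]$ExpectedSha256   # assumption: reference hash from a trusted channel
)

# Hypothetical helper: hash a file with .NET so no newer cmdlet is required.
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Dispose(); $sha.Clear() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

$User_Path = "C:\Program Files\Novell\apache\novell_patch"
$package   = Join-Path $User_Path "$filename.rpm"
if (-not (Test-Path $User_Path)) { New-Item $User_Path -ItemType Directory | Out-Null }
# Remove any stale copy so the hash below is always of the fresh download.
if (Test-Path $package) { Remove-Item -LiteralPath $package -Force }

# Prompt for the NCC credentials rather than taking the password as an argument,
# which keeps it out of command history and process command lines.
$MyCredentials = Get-Credential

Import-Module BitsTransfer
Start-BitsTransfer `
    -ProxyUsage AutoDetect `
    -Authentication Basic `
    -Credential $MyCredentials `
    -Source "https://nu.novell.com/repo/%24RCE/NAM42-APP-Updates/sle-11-x86_64/rpm/x86_64/$filename.rpm" `
    -Destination $User_Path `
    -ErrorAction Stop

# Compare after normalising the supplied value (whitespace, letter case).
$actual = Get-Sha256Hex $package
if ($actual -ne $ExpectedSha256.Trim().ToLower()) {
    Remove-Item -LiteralPath $package -Force
    throw "SHA-256 mismatch for ${filename}.rpm (got $actual). Package deleted; nothing was extracted or run."
}
Write-Output "SHA-256 verified for ${filename}.rpm; continue with the extract and Openssl_update.bat steps."
```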