HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 1 Installation and Release Notes

Downloading and Installing HP SSL for OpenVMS from Web Site

  Table of Contents

  Index

You can install HP SSL Version 1.3 on versions of OpenVMS earlier than 8.3. A PCSI kit of HP SSL for OpenVMS is available for download from the HP SSL web site at

http://h71000.www7.hp.com/openvms/products/ssl/

Before Installing HP SSL for OpenVMS

Beginning in HP SSL Version 1.3, the installation procedure automatically removes the previous version of HP SSL before installing the new version. For example, if you have Version 1.2 installed, it is removed during the installation procedure and the product removal is displayed in the installation log.

The HP SSL Version 1.3 installation procedure also automatically removes any old SSL kits that have a kit name beginning with DEC or CPQ. This removal is done silently during the preconfigure phase and is not shown in the installation log. For example, if you have SSL Version 1.1-B (kit name CPQ) installed, it is silently removed when you install SSL Version 1.3.

NOTE: Do not use the PRODUCT REMOVE command to manually remove HP SSL Version 1.2 or higher. If you attempt to use PRODUCT REMOVE on these versions of HP SSL, you will receive a PCSI error that recommends terminating the operation. If you ignore the warning and continue to remove HP SSL, HP strongly recommends that you use PRODUCT INSTALL to install the HP SSL Version 1.3 PCSI kit as soon as possible. Other components in OpenVMS require that HP SSL is installed.

Before you begin the installation of HP SSL, perform the following steps:

  1. Preserve the SSL configuration files OPENSSL-VMS.CNF and OPENSSL.CNF (if you modified them) by copying them to another disk and directory before installing HP SSL.

  2. Shut down HP SSL on each node in the cluster before installing HP SSL on a common system disk in a cluster.

Installation Procedure

Install the HP SSL for OpenVMS kit by entering the following command:

$ PRODUCT INSTALL SSL

NOTE: Beginning in HP SSL Version 1.3 for OpenVMS, HP SSL is always installed into SYS$SYSDEVICE:[VMS$COMMON]. The /DESTINATION qualifier is no longer supported.

For a description of the features you can request with the PRODUCT INSTALL command when starting an installation, such as running the IVP, purging files, and configuring the installation, refer to the POLYCENTER Software Installation Utility User's Guide.

As the deinstallation and installation procedures progress, the system displays information similar to the following output.

NOTE: Specifying the /HELP qualifier on the PRODUCT INSTALL command line displays additional information about HP SSL.
$ PRODUCT INSTALL SSL/SOURCE=DKA500:[KITS] /HELP

The following product has been selected:

HP AXPVMS SSL V1.3-281 Layered Product

Do you want to continue? [YES]

Configuration phase starting ...

You will be asked to choose options, if any, for each selected product and for
any products that may be installed to satisfy software dependency requirements.

HP AXPVMS SSL V1.3-281: SSL for OpenVMS Alpha V1.3 (Based on OpenSSL 0.9.7e)

SSL for OpenVMS provides a toolkit that implements SSL V2/V3, TLS V1,
and a general purpose cryptography library.

Copyright 2006 Hewlett-Packard Development Company, L.P.

This software is installable on OpenVMS processors using the POLYCENTER
Software Installation utility.

IMPORTANT LEGAL NOTICE:

Exports of this product are subject to U.S. Export Administration
Regulations pertaining to encryption items and may require that
individual export authorization be obtained from the U.S.
Department of Commerce.


The /DESTINATION qualifier is not supported with SSL V1.3

As of SSL V1.3, the SSL product must be installed on the system disk.
If you specified a location other than the system disk with the use of the
qualifier /DESTINATION, it is recommended that you stop the installation
and restart it with the following command:

$ PRODUCT INSTALL SSL

If you did not specify the /DESTINATION qualifier, answer NO to the
termination question, and continue with the installation.
Terminating is strongly recommended. Do you want to terminate? [YES] NO

Do you want the defaults for all options? [YES]

Do you want to review the options? [NO]

Execution phase starting ...

The following product will be installed to destination:
HP AXPVMS SSL V1.3-281 DISK$DWLLNG_A_V73:[VMS$COMMON.]
The following product will be removed from destination:
HP AXPVMS SSL V1.2 DISK$DWLLNG_A_V73:[VMS$COMMON.]

Portion done: 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

The following product has been installed:
HP AXPVMS SSL V1.3-281 Layered Product
The following product has been removed:
HP AXPVMS SSL V1.2 Layered Product

%PCSI-I-IVPEXECUTE, executing test procedure for HP AXPVMS SSL V1.3-281 ...
%PCSI-I-IVPSUCCESS, test procedure completed successfully

HP AXPVMS SSL V1.3-281: SSL for OpenVMS Alpha V1.3 (Based on OpenSSL 0.9.7e)

There are post installation tasks that you must complete
including the following items that are described in detail:

- ensuring SSL startup and logical names creation files
are executed

- updating or copying the necessary startup, shutdown and
configuration files from the installed template files

- running the Installation Verification Program (IVP)

Refer to the SSL release notes and the OpenVMS SSL documentation for
more information about activities that should be performed once the
installation has finished.

SSL has created the following directory structure and files in
PCSI$DESTINATION (which defaults to SYS$SYSDEVICE:[VMS$COMMON]):

[SSL] Top-level SSL directory
[SSL.ALPHA_EXE] Contains the images for the Alpha platform
[SSL.COM] Directory to hold the various command procedures
[SSL.DEMOCA] Directory structure to demo SSL’s CA features
[SSL.DEMOCA.CERTS] Directory to hold the certificates and keys
[SSL.DEMOCA.CONF] Contains the configuration files
[SSL.DEMOCA.CRL] Contains revoked certificates and CRLs
[SSL.DEMOCA.PRIVATE] Directory for private keys and random data
[SSL.DOC] OpenSSL.org provided documentation & information
[SSL.INCLUDE] Contains the C Header (.H) files
[SSL.TEST] Contains the files used during the IVP

[SYS$STARTUP] Startup and shutdown templates and files
[SYSHLP] Release notes
[SYSHLP.EXAMPLES.SSL] SSL crypto and secure session examples
[SYSLIB] SSL shareable image files
[SYSTEST] SSL$IVP.COM test files


...after upgrading from previous SSL versions...

The SSL release notes provide information to verify the SSL startup,
shutdown, and configuration template files. Template files provide the
user with new features or changes, but do not overwrite existing command
procedures and configuration files. A product upgrade or re-installation
will not overwrite or create a new file version if the file has been odified.
It will only create the template files. It is suggested that you review
these files for any changes.

For more information, refer to the SSL Release Notes and other SSL
files using the system logical name definitions, or the subdirectory of
the PCSI destination device and directory.

...including verifying startup command procedures and logical names...

Once the installation is complete, verify that SSL$STARTUP.COM is
located in SYS$MANAGER:SYSTARTUP_VMS.COM file. This will define the
SSL$ executive mode logical names in the SYSTEM logical name table,
and install the SSL shareable images in memory that reside in the
[SYSLIB] directory.

Also, add SSL$SHUTDOWN.COM to the SYS$MANAGER:SYSHUTDWN.COM file to remove
the installed images and deassign the SSL$ logical name definitions.

If you have customized the SSL command files for the site, it is
suggested that you compare the SSL provided template files with your
existing command procedures and take the appropriate action to update
your files. A product upgrade or re-installation will not overwrite
these files.

By default SYS$STARTUP: logical can be used to locate the SSL provided
startup files.

System managers should modify site-specific requirements in SSL files:

SSL$COM:SSL$SYSTARTUP.COM
SSL$COM:SSL$SYSHUTDOWN.COM

HP recommends that these site-specific SSL command procedures are utilized
to tailor the SSL installation specific to the reqirements of the system
or site. These files are located in the SSL$COM: directory.

Refer to SYS$HELP:SSL013.RELEASE_NOTES for more information.

The SSL product release notes contain up to date information regarding
bug fixes, known problems, and general installation information.

%PCSIUI-I-COMPWERR, operation completed after explicit continuation from errors
$

Stopping and Restarting the Installation

Use the following procedure to stop and restart the installation:

  1. To stop the procedure at any time, press Ctrl/Y.

  2. Enter the DCL command PRODUCT REMOVE SSL to reverse any changes to the system that occurred during the partial installation. This deletes all files created up to that point and causes the installation procedure to exit.

  3. To restart the installation, go back to the beginning of the installation procedure.