Skip to content

Changing the JRE

PKI Services Manager installs its own Java Runtime Environment (JRE) and uses this installed JRE by default. It is also possible to configure PKI Services Manager to use a different JRE.

Note

The JRE you configure must be Java version 8 (1.8.0_nn).

Apply the Unlimited Strength Jurisdiction Policy Files to your JRE

Each time you upgrade your JRE, you need to apply the unlimited strength policy files to the new JRE.

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle. Uncompress and extract the downloaded file.

    Be sure to download the correct policy files for your version of Java; version 8 updates(1.8.x) use a different set of files than previous versions.

  2. Locate the following two policy files.

  3. local_policy.jar

  4. US_export_policy.jar

  5. Replace the existing limited strength policy files (located in java-home\lib\security on Windows or java-home/lib/security on Unix) with the unlimited strength versions you extracted in the previous step.

To change the JRE on Windows

If you upgrade PKI Services Manager, you do not need to repeat this procedure. The edited registry setting remains after an uninstall.

  1. Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).

    HKEY_LOCAL_MACHINE\SOFTWARE\Micro Focus\ReflectionPKI

  2. Create a new string value named JvmPath and set the value to point to the full path where jvm.dll is located (java-home\bin\client).

The path to the JRE can also be set using the environment variable PKID_JVM_PATH on Windows systems. If the path is specified in both the registry and using the environment variable, the environment variable takes precedence.

To change the JRE on Unix

To configure a JRE on Unix you need to modify the PKID_JVM_PATH keyword in /etc/pkid.conf to point to the JRE shared library (either libjvm.so or libjvm.sl depending on your Unix operating system), as described in the following procedure.

Note

If you upgrade PKI Services Manager you'll need to run uninstall.sh with the upgrade option in order to preserve your modified path setting, as described below.

  1. Log in as root.

  2. Add write permissions to /etc/pkid.conf:

    chmod u+w /etc/pkid.conf

  3. Open /etc/pkid.conf in a text editor.

    Set the value of PKID_JVM_PATH to point to the JVM shared library. For example, on Linux: PKID_JVM_PATH=/usr/java/default/jre/lib/amd64/server/libjvm.so

  4. Save the modified script.

  5. Remove write permissions from /etc/pkid.conf.

    chmod u-w /etc/pkid.conf

  6. Restart PKI Services Manager: pkid restart

To configure a separate JRE to be used only by PKI Services Manager

On some UNIX systems, if you already have a JRE on your system that you use for other purposes, you can configure a separate JRE private to PKI Services Manager. The following procedure describes how to do this on Linux systems:

  1. Download the non-RPM version of the JRE.
  2. Extract the JRE package.

  3. Move the extracted JRE directory to a directory of your choice in the PKI Services Manager data directory (typically /opt/microfocus/pkid).

    For example: mv /extracted_jvm /opt/microfocus/pkid/jre_latest 4. Apply the Unlimited Strength Jurisdiction Policy Files to this JRE. 5. Edit /etc/pkid.conf to configure PKI Services Manager to use this JRE, as described in the preceding procedure.

To preserve your modified JRE setting when upgrading on UNIX systems

This procedure creates a backup file that includes your modified path to the JRE (along with other location settings you specified when you installed PKI Services Manager). When you install the upgrade, the installer locates this backup and asks if you want to preserve your settings.

Uninstall the old version of PKI Services Manager using the upgrade option

  1. Log in as root.

  2. Run uninstall.sh using the upgrade option. (By default, this script is installed to /opt/microfocus/pkid/bin/.)

    For example: /opt/microfocus/pkid/bin/uninstall.sh -–upgrade

    The upgrade option creates a backup of your current location settings (including your modified JRE path). It does not change the default uninstall behavior for backing up the configuration directory, as described in “Upgrading From Earlier Versions”.

Install the newer version

  1. Log in as root.
  2. Run the install script: ./install.sh

  3. If you uninstalled using the upgrade option, you will see a message like the following:

    Found location settings from prior installation:
pkidHome = /opt/microfocus/pkid
pkidJvmPath = /opt/microfocus/pkid/jre_latest
systemBin = /usr/local/bin
systemSbin = /usr/local/sbin
Use locations from prior installation (y/n):
    4. Enter y to preserve your settings.