search cancel

Verifying the OpenSSL version for SPS (access gateway)

book

Article ID: 256638

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

At times, you may want to verify the version of OpenSSL running on Siteminder Access Gateway to ensure that it is not a version listed in a published vulnerability CVE.

Occasionally you may need to upgrade the version of OpenSSL on Siteminder Access Gateway and want to verify the system is now showing the version you upgraded too.  Upgrading OpwnSSL and other 3rd party components is done through officially released KB articles with packages upgrades of OpenSSL from Broadcom. (Do not download and upgrade OpenSSL outside of a Broadcom KB published by the Siteminder team).

 

Environment

Release : 12.8.x

Resolution

LINUX

1) Logon to the Access Gateway Host.

2) browse to the Siteminder Access Gateway directory

$ cd /opt/CA/secure-proxy

3) Set the Access Gateway environment variables

$ . ./ca_sps_env.sh

4) browse to the OpenSSL directory within the Access Gateway directory

$ cd SSL/bin

Default Path: /opt/CA/siteminder/secure-proxy/SSL/bin

5) Set the OpenSSL environment variable

$ export OPENSSL_CONF=./openssl.cnf

6) Verify the version of OpenSSL

$ openssl version

The following should be displayed:

OpenSSL 1.0.2k-fips  26 Jan 2017

WINDOWS

1) Logon to the Access Gateway Host.

2) Open a command prompt with elevated privileges (Run as Administrator).

3) Browse to the Siteminder Access Gateway directory

cd "\Program Files\CA\siteminder\secure-proxy\"

3) Browse to the OpenSSL directory within the Access Gateway directory

cd SSL/bin

Default Path: C:\Program Files\CA\siteminder\secure-proxy\SSL\bin

4) Verify the version of OpenSSL

openssl version

The following should be displayed:

OpenSSL 1.0.2k-fips  26 Jan 2017