Hi Akio,
This setting is on the Web Server, so every encryption / decryption
process will need it because it needs to reach the correct libraries
to do encryption and decryption.
Note that the same environment variable is needed on the Policy Server
side too for the same purpose.
Further reading involving that topic about CAPKI :
encryption algorithm used in traffic between policy servers and web agents
https://knowledge.broadcom.com/external/article?articleId=139417 Impossible to install siteminder on Apache 2.4.x Redhat 7.5
https://knowledge.broadcom.com/external/article?articleId=197032 Apache failing to start after agent configuration
https://knowledge.broadcom.com/external/article?articleId=195700 systemctl and Web Agent startup settings for Red Hat Apache Web Server 2.4.x
https://knowledge.broadcom.com/external/article?articleId=4165 PeopleSoft ERP agent fails to handshake with the policy server
https://knowledge.broadcom.com/external/article?articleId=131709 Apache Web Agent error : Set CAPKIHOME environment variable
https://knowledge.broadcom.com/external/article?articleId=121289 How can I start Web Agent using systemctl instead apachectl?
https://knowledge.broadcom.com/external/article?articleId=107936 How to view the CA Single Sign-On (SiteMinder) Policy server and WebAgent environmental variables with the UNIX/LINUX env and printenv commands
https://knowledge.broadcom.com/external/article?articleId=6779I hope this helps,
Best Regards,
Patrick
Original Message:
Sent: 08-18-2020 10:21 PM
From: Akio UCHIDA
Subject: "PassEnv CAPKIHOME" in a httpd.conf file
Hi Patrick,
Thank you for your response.
Very helpful.
I understood the users had to have "PassEnv CAPKIHOME" active.
Please accept another question.
This setting is used every connections from policy server to WebAgent.
Am I right?
Best Regards,
UCHIDA Akio
Original Message:
Sent: 08-18-2020 02:20 AM
From: Patrick Dussault
Subject: "PassEnv CAPKIHOME" in a httpd.conf file
Hi Akio,
The Web Agent needs the "PassEnv CAPKIHOME" in order to handle
correctly the encryption functions.
If you run Web Agent, you do need the "PassEnv CAPKIHOME" in Apache
configuration.
SDK tools need also the CAPKIHOME environment variable to handle the
same encryption functions.
I hope this helps,
Best Regards,
Patrick
Original Message:
Sent: 08-17-2020 09:17 PM
From: Akio UCHIDA
Subject: "PassEnv CAPKIHOME" in a httpd.conf file
Hello,
I have 2 questions for Webagent installation.
When they install WebAgent on a server, which another Apatche has already existed,
"PassEnv CAPKIHOME" is configured automatically in httpd.conf.
This behavior is actually observed at an user site.
Question 1.
This configuration (PassEnv CAPKIHOME) is used only for SDK tools.
But why this configuration is set in Apache httpd.file?
Apache and SDK are different components, the user is wondering.
Question 2.
If they do not use SDK tools, is it OK to comment out " PassEnv CAPKIHOME " in the httpd.conf?
Regards,
UCHIDA Akio