Novell Home

iChain 2.3 Support Pack 1 Now Available

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 6 Oct 2004
 

This file contains updates for services contained in the iChain 2.3 product. The purpose of the patch is to provide a bundle of enhancements and fixes for issues that have surfaced since iChain 2.3 was released. It is not recommended to install individual files from the patch.

Reminders/Tips:

  1. Set the hardware clock to the correct time and date before imaging an iChain box!
  2. You can use ic23sp1.exe to upgrade an iChain 2.2 box to 2.3. You must have console access when you do this to accept the license agreement for iChain 2.3.
  3. When working with third-party certificates always verify that the time, date and time zone have been set correctly on the iChain appliance before creating the CSR, trying to import the response file or testing the third-party certificate.

Tip: There have been some reports of ic23sp1.exe not completing and getting into a state where you cannot re-apply. If this should occur:

At the CLI, type "otwugversion". If nothing comes back or is an invalid command then it is a known condition that occurs.

Unlock the debug consoles and at the NetWare Console type restore.ncf. Then re-apply the OTWUG.

Enhancements in iChain Version 2.3 SP1

  1. Added the ability to enable the secure bit on cookies.
    - Edit APPSTART.NCF to load PROXY.NLM with the -cs switch.
    Syntax: load proxy -cs
    - All accelerators must have secure exchange enabled to utilize this feature.
  2. Added additional field (Load Line Parameters) for board settings in Admin GUI for Gigabit card support.
  3. Removed SOCKS client setting from the Gateway panel.
  4. Remove Filtering/WCCP modules that iChain does not use.
  5. Raised number of Trusted Roots limit supported from 32 to 64.
  6. Fixed browser error "Chained certs causing basic constraint violation messages" with chained client certificate whose path length constraint set to 0.
  7. Add option to insert/remove sub path in Cookies when using Path Based Multi-homing.
    Syntax: removesubpathincookie = [yes/no]
  8. Support to store Form Fill Policies on local file system. Syntax: Add the following to the Form Fill Policy on the ISO object:

    <LocalPolicy>{Filename}</LocalPolicy>

    *If {FileName} does not contain \ / or : it is a file expected to be in SYS:ETC\Proxy\Appliance\Config\User\Formfill - otherwise it will take it as an absolute path. You can use multiple tags like this... But the maximum size is limited to 1MB.
  9. Now validate administrator Formfill XML against existing XML Tags to make sure syntax and cases are correct.
  10. Added iChain set command to turn off CRL checking. Syntax: set authentication mutual disablerevocationchecks = [yes/no]
  11. Option to disable telnet posting listener on TCP port 23. Syntax: set listener telnet enable = [on/off]
  12. Made an Admin GUI setting for non-exportability of Certificates.
  13. Improved OTWUG install to differentiate between iChain product versions.
  14. Caching improvements when .js, .jpg,.jpeg,.png files referenced in customized login pages.
  15. DNS error messages added to the messages.cfg file.
  16. Added "Please Login" string from login pages to the messages.cfg for translation.
  17. iChain can now handle certificates if subject name starts with SN=.

Known issues in Novell iChain Version 2.3 SP1

Read the Novell iChain Version 2.3 Support Pack 1 Readme for a list of known issues: http://www.novell.com/documentation/ichain23/readme/readme.txt


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell