VSI-I64VMS-SSL111-V0101-1DA-1-RELNOTE.PDF

This document, the "VSI SSL111 for OpenVMS V1.1-1DA Release Notes" (October 2019), introduces a new release of VSI SSL111 based on OpenSSL 1.1.1d.

Key points include:

• Coexistence: VSI SSL111 is designed to co-exist with older VSI SSL 1.4 and VSI SSL1 installations, allowing applications dependent on different versions to run on the same system.

• Installation & Integration:

  • It outlines post-installation activities, such as executing startup and logical name creation files, updating configuration files, and running the Installation Verification Program (IVP).
  • It details how to integrate SSL111$STARTUP.COM into SYS$MANAGER:SYSTARTUP_VMS.COM and SSL111$SHUTDOWN.COM into SYS$MANAGER:SYSHUTDWN.COM. A critical instruction is to invoke SSL111$STARTUP.COM last among other SSL startup procedures to ensure the OPENSSL logical points to the latest header files.
  • The document specifies the directory structure created by the installation.

• Migration from Older Versions: A significant portion is dedicated to migrating site-specific changes from VSI SSL V1.4 or VSI SSL1 to VSI SSL111. This includes updating custom startup/shutdown procedures and OpenSSL configuration files.

• Certificate Store Migration (Critical): The most detailed migration instruction focuses on certificate stores. VSI SSL111 uses SHA-1 for certificate subject hashes, while older versions used MD5. Consequently, users must manually rename certificate files in their store to reflect their new SHA-1 hash to ensure proper certificate validation with VSI SSL111. An example of this process is provided.
• Removal: Instructions are given for removing SSL111 using $ PRODUCT REMOVE SSL111, noting that some generated files may persist.