Hi Gabriele,
Any reason why you aren't using r12.8 SP2 since r12.52 has already EOL in Feb 2019.
Anyway here's what I would do. Let's say smuser to be used instead of root and the install location is /opt/CA
Make sure the proxy services and any LLAWP processes are stopped.
create "smuser" account with ksh as its default shell
I added the following to the bottom of /home/smuser/.kshrc
# User specific aliases and functions
ulimit -n 40000
ulimit -u 40000
unset LANG
export JAVA_HOME=/opt/java/jdk1.x.x <- depending on your java version
export PATH=$JAVA_HOME/bin:$PATH
cd /opt/CA/secure-proxy
. ./ca_sps_env.sh
change the ownership of everything in the registry folder (default is /opt/etc/CA)
chown -R smuser:smuser /opt/etc
change the ownership of everything in the secure-proxy home folder
chown -R smuser:smuser /opt/CA
If you use ports numbers that are lower than 1024, you need to enable non-root user to be allowed to bind the process to those low ports. (e.g. 80 and 443). The below command needs to be run as root user or a user with sudo rights to setcap command.
/usr/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/CA/secure-proxy/httpd/bin/httpd
---Edit---
The above command needs to be done every time you do a version upgrade when there's a change in the httpd binary. So I usually ask system admin to allow sudo rights to my non-root user to run this command whenever with do quaterly patch.
---End Edit---
logout and login as smuser.
start access gateway
if there's any complain of missing .so.1 kinda files, use root user to just copy those "missing" library files from secure-proxy proxy_engine lib folder to the /lib folder and do ldconfig.
Best Regards,
Zen