000028125 - KB-1401 - How to migrate SSL certificates during an upgrade

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000028125
Applies To: Affected Versions: 4.X; 3.6.X
Resolution

When you perform an upgrade, the SSL certificate stores are deleted and regenerated, which means the certificates would otherwise have to be re-imported into the Aveksa system. To avoid that work, save the current certificates before the upgrade and restore them afterwards by performing the following steps:

Note: You cannot restore certs from a 3.X to 4.X upgrade.

1. Log in as the root user


2. Go to the certificate directory


for 4.X this is: /home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/certificates


for 3.X this is the directory

/usr/bin/tomcat/webapps/aveksa/WEB-INF/certificates

and the file

/usr/bin/jdk1.5.0_06/jre/lib/security/cacerts


3. Save the certificate files in a safe place where they will not get overwritten


4. Perform the upgrade


5. Stop the Aveksa services


sudo service aveksa_agent stop (version 3.X only)


sudo service aveksa_server stop (all versions)


6. Copy the certificate files back to the original directory (step 2)


7. Restart the services


sudo service aveksa_server start (all versions)


sudo service aveksa_agent start (version 3.X only)


8. Test the certs - you should be able to connect to the UI and not get challenged 
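
One way to carry out steps 3 and 6 with a check that the restored files match what was saved, as an added example that is not part of the original article and not an RSA-supplied script. The helper names `save_certs`, `restore_certs` and `verify_certs` and the backup location `/root/cert-backup` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not RSA's script). Run as root with absolute paths, e.g. on 4.X:
#   CERTS=/home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/certificates
#   save_certs    "$CERTS" /root/cert-backup    # step 3, before the upgrade
#   restore_certs /root/cert-backup "$CERTS"    # step 6, services stopped
#   verify_certs  /root/cert-backup "$CERTS"    # before restarting in step 7
# /root/cert-backup is an assumed location; any directory the upgrade leaves alone works.

# save_certs SRC_DIR BACKUP_DIR: archive SRC_DIR and record a SHA-256 manifest.
save_certs() {
    src=$1; backup=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # Certificate stores can hold private keys, so the backup is owner-only (umask 077).
    (
        umask 077
        mkdir -p "$backup" &&
        tar -C "$src" -cpf "$backup/certificates.tar" . &&
        ( cd "$src" && find . -type f -exec sha256sum {} + ) > "$backup/certificates.sha256"
    )
}

# restore_certs BACKUP_DIR DEST_DIR: unpack over the regenerated stores.
# -p keeps the saved file modes; as root, tar also restores the saved owners.
restore_certs() {
    backup=$1; dest=$2
    [ -f "$backup/certificates.tar" ] || { echo "no backup in $backup" >&2; return 1; }
    mkdir -p "$dest" && tar -C "$dest" -xpf "$backup/certificates.tar"
}

# verify_certs BACKUP_DIR DEST_DIR: succeed only if every saved file is back, byte for byte.
verify_certs() {
    manifest=$(cd "$1" && pwd)/certificates.sha256
    out=$(cd "$2" && sha256sum -c "$manifest" 2>&1) || {
        # Show only the files that are missing or differ.
        printf '%s\n' "$out" | grep -v ': OK$' >&2 || true
        return 1
    }
}
```

The functions handle a directory, so on 3.X the cacerts file has to be copied separately. A non-zero exit from `verify_certs` means the restore is incomplete and the services should not be restarted yet.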
