Versions Compared

Old Version 16

changes.mady.by.user Josefin Klang (Deactivated)

Saved on

compared with

New Version 17

changes.mady.by.user Josefin Klang (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article describes how to upgrade Smart ID Certificate Manager to the latest version. For all other upgrade paths, contact Nexus.

Info

Sequential upgrade process

To upgrade from older versions to newer versions, you must upgrade each version step-by-step. 

Example: Starting from 8.5.0, you must upgrade to 8.6.1 and thereafter to 8.7.1. 

Note

8.4.0 was replaced by 8.4.1. For more information, see Release note Certificate Manager 8.4.1

Prerequisites

Info

Example

To upgrade from 8.3.0 to 8.7.1, use the files in the following folders in sequence:

  1. Upgrade from CM 8.3.x to 8.4.1

  2. Upgrade from CM 8.4.x to 8.5.0 

  3. Upgrade from CM 8.5.x to 8.6.1

  4. Upgrade from CM 8.6.x to 8.7.1

...

  • If there are no scripts included in the release bundle, go to the next step in this upgrade instruction (Upgrade Certificate Manager services).

  • If there are scripts included in the release bundle, run all included scripts. 

Info

Select version

Make sure to select the specific script for the upgrade. You must run each DB script from the start version to the target version in sequence.

The script examples below displays x_x_x as a reference to the CM version number that you are upgrading to. 

Note

Exception: Upgrade from 7.18.x to 8.0.0

Support for the Oracle database version 11g has been removed in version 8.0.0 of Certificate Manager due to EOL. If you use Oracle 11g, you must upgrade before you proceed with the steps below. 

...

The Certificate Manager server components are installed and run as services. Do the following steps at the server(s) that runs any of the Nexus CF, Nexus CIS, or Nexus SNMP services. 

Info

Final upgrade step - the lib, bin, and tool folders

The lib, bin, and tool folders should always be postponed until the last step of the upgrade procedure to enable a successful upgrade to the latest version. Starting the system while upgrading may lead to error, such as corrupted data or failure to use the system.

...

Expand
titleFrom 8.0.x to 8.1.0

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder. 
      Note the important changes described in the file changes-formats.txt. The file is located here: <Upgrade\Upgrade from CM 8.0.x to 8.1.0\server>. The tool used in changes-formats.txt requires updated lib files. Therefore those instructions should be executed after the new jar files has been replace in the final upgrade instruction.

    2. From Upgrade files CM 8.1.0/server/inputviews, add the following files to <cm-server-home>/inputviews, or replace if any of these files already exist:

      • acme-account-reg-search.conf

      • acme-prereg-search.conf

      • countries.conf

      • device-cert-registration.conf

      • estsecretsearch.conf

...

Expand
titleUpgrade CM clients

Do the following:

  1. Shut down all the Certificate Manager clients.

  2. Make sure Java SE 17 is installed and set as default Java on the system. Certificate Manager clients can be run on both 32-bit and 64-bit JDKs with the following limitations:

    1. Linux:
      64-bit Java is required in order to use clients with Personal.

    2. Windows:
      After the upgrade, if a javaw.exe binary exists under the C:\Windows\SysWOW64 folder, clients will continue to run on 32-bit Java even if default JDK is 64-bit. Remove this binary (and javaws.exe, java.exe) in order to run the clients on 64-bit Java.

  3. Backup the <cm-client-home>/config folder.

  4. Uninstall the Certificate Manager clients components, see Uninstall Certificate Manager server components and clients

    1. On Windows use "Programs and Features" to uninstall "Certificate Manager Clients Components".

    2. On Linux, run <cm-client-home>/install/setup.sh -u.

  5. Remove any remaining hotfix jar files in the <cm-client-home>/lib folder.

    1. On Linux, if there is a <cm-client-home>/P11 folder, backup any config file with customizations to Personal Desktop Client and then delete the folder.

  6. Install the new version of the clients, included in the delivery of Certificate Manager.

  7. Apply any customizations to the new configuration files in the <cm-client-home>/config folder.

The officer role "Use AWB" is now used for read-only access to the AWB and no longer has permission to do manual builds of CRLs and CILs. Instead, the role "Manual build of CRL and CIL" is needed to perform manual builds.

The officer profile that was previously used by the officer that performed manual builds must now be modified to include the role "Manual build of CRL and CIL".

4. Upgrade Certificate Manager Protocol Gateway

See Upgrade Protocol Gateway

...