Versions Compared

Old Version 20

changes.mady.by.user Ylva Andersson

Saved on

compared with

New Version Current

changes.mady.by.user Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updates for CM 8.11

...

Info

Sequential upgrade process

To upgrade from older versions to newer versions, you must upgrade each version step-by-step. 

Example: Starting upgrade from 8.59.0, you must upgrade to 8.6.1 10 and thereafter to 8.711.10

Note

8.4.0 was replaced by 8.4.1. For more information, see Release note Certificate Manager 8.4.1

...

Info

Example

To upgrade from 8.39.0 to 8.711.10, use the files in the following folders in sequence:

  1. Upgrade from CM 8.39.x to 8.410.10

  2. Upgrade from CM 8.410.x to 8.511.0 

  3. Upgrade from CM 8.5.x to 8.6.1

  4. Upgrade from CM 8.6.x to 8.7.1

Step-by-step instruction

1. Upgrade database

Step-by-step instruction

1. Upgrade database

Database scripts for MSSQL, MySQL, PostgreSQL, Oracle, MariaDB, and AzureSQL are often included in the delivery of Certificate Manager. Some releases do not include database scripts to run due to no updates in the databases. The following applies: 

...

Note

Exception: Upgrade from 7.18.x to 8.010.0 and earlier

Support for the Oracle database version 11g MariaDB version below 10.5 has been removed in version 8.010.0 (and later) of Certificate Manager. If you use MariaDB version below 10.5, you must upgrade before you proceed with the steps below. 

Note

Exception: Upgrade from 7.18.x to 8.0.0

Support for the Oracle database version 11g has been removed in version 8.0.0 of Certificate Manager due to EOL. If you use Oracle 11g, you must upgrade before you proceed with the steps below. 

...

Database

Script

Comment

MSSQL

database/CMDBUpgrade_MSSQL_x_x_x.sql

The following applies: 

  • If there are no scripts included in the release bundle, go to the next step in this upgrade instruction (Upgrade Certificate Manager services).

  • If there are scripts included in the release bundle, run all included scripts. 

MySQL

database/CMDBUpgrade_MySQL_x_x_x.sql

Oracle

database/CMDBUpgrade_Oracle_x_x_x.sql

PostgreSQL

database/CMDBUpgrade_PostgreSQL_x_x_x.sql

MariaDB

database/CMDBUpgrade_MariaDB_x_x_x.sql

Starting from 8.2.x to 8.3.0, you must run the database script for MariaDB.

For CM 8.10, the minimum supported version of MariaDB is 10.5.

AzureSQLAzureSQL

database/CMDBUpgrade_AzureSQL_x_x_x.sql

Starting from 8.6.x to 8.7.0, you must run the database script for AzureSQL.

2. Upgrade Certificate Manager services

...

2. Upgrade Certificate Manager services

The Certificate Manager server components are installed and run as services. Do the following steps at the server(s) that runs any of the Nexus CF, Nexus CIS, or Nexus SNMP services. 

...

From 7.18.x to 8.0.0

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS, or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

    2. Remove the following files from <cm-server-home>/config:

      • requestformats/httpclient.conf

      • http.conf

  3. The suggested default log levels for CM-SNMP has been reduced from FINEST to INFO. If you use CM-SNMP and want to change to the new default values, change this in the file <cm-server-home>/config/snmplog.properties.

  4. The following deprecated modifiers have been replaced or removed. If you use customized format files, make sure that none of the deprecated modifiers are used.

    1. These deprecated modifiers have been replaced:

      • SubjectKeyIdAdder > SubjectKeyIdentifierModifier

      • ScepUniqueness > RenewalAllowed

      • AltNameModifier > SubjectAltNameModifier

    2. These deprecated modifiers have been removed:

      • CheckCertWithSubject

      • CisFailoverModifier

      • DynamicValidity

      • InputStringBoundChecker

      • MonetaryLimitAttributeModifier

      • PublicKeyHash

      • RelativeValidity

      • ScepUniqueness

      • SubjectIdentifierSs

Info

Updated license file required

CM 8.x requires an updated license file in order to start. License files issued for CM 7.x cannot be used for CM 8.x. Place the updated license file in the directory <cm-server-home>/license/.

...

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder. 
    Depending on which 8.4.x version you are currently on, some of the changes may already have been performed as part of an earlier upgrade.

  3. On the servers running the Nexus CF, Nexus CIS or Nexus SNMP service, remove all jar files in the <cm-server-home>/lib folder.

  4. Start the Nexus CIS, CF and SNMP services.

From 8.From 8.5.x to 8.6.1

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

Depending on which 8.5.x version you are currently on, some of the changes may already have been performed as part of an earlier upgrade.

The ability to manually build CRLs and CILs has been moved from the officer role "Use AWB" to its own role in "Manual build of CRL and CIL". As such, if you have officers that should be able to perform manual builds of CXLs, then their officer profiles will need to be updated.

...

Expand
titleUpgrade steps

When you upgrade CM from 8.6.x to 8.7.1, execute only the database script in the folder "Upgrade from CM 8.6.x to 8.7.0" in the release bundle.

Do not use the script in the folder "Upgrade from CM 8.7.0 to 8.7.1"

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

From 8.7.0 to 8.7.1

Important! Certificate Manager version 8.7.0 is no longer available on Nexus support portal.

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Do the configuration changes on the server(s) running the Nexus CF, Nexus SNMP and Nexus CIS service in: <cm-server-home>/config/  and <cm-server-home>/inputviews/ described in the respective files under the <server> folder.
    From Upgrade files CM 8.7.1/server/inputviews, add the following file to <cm-server-home>/inputviews:

    • kerberos-pkinit-san.conf

  3. Rename any custom formats files used by Certificate Manager that has a filename that begins with  the "_" character to something the does not begin with the "_" character. The reason for this is that formats starting with "_" will not be loaded.

From 8.7.x to 8.8.From 8.7.x to 8.8.0

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Do the configuration changes on the server(s) running the Nexus CF, Nexus SNMP and Nexus CIS service in: <cm-server-home>/config/  and <cm-server-home>/inputviews/ described in the respective files under the <server> folder. Depending on which 8.7.x version you are currently on, some of the changes may already have been performed as part of an earlier upgrade.

    1. From Upgrade files CM 8.9.0/server/inputviews, add the following files to <cm-server-home>/inputviews:

      •  v2x-enroll-enabling-registration.conf

      • kerberos-pkinit-san.conf

    2.  From Upgrade files CM 8.9.0/server/config, add the following file to <cm-server-home>/config:

      • rapcacsv2.conf

  3. Rename any custom formats files used by Certificate Manager that has a filename that begins with  the "_" character to something the does not begin with the "_" character. The reason for this is that formats starting with "_" will not be loaded.

  4. Only for upgrades coming from earlier Only for upgrades coming from earlier that 8.1.x: Run any steps that may have been postponed in earlier steps, such as those required for "copycacerts" when upgrading from CM 7.17.x or those in changes-format.txt when upgrading from CM 8.0.x.

...

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

    3. <cm-server-home>/bin

    4. <cm-server-home>/deliverynotes

  2. Make sure 64-bit Java SE 17 is installed and properly configured  to be used by the CF, CIS and SNMP services. See Certificate Manager - requirements and interoperability for more information.

  3. Rename any custom formats files used by Certificate Manager that has a filename that begins with  the "_" character to something the does not begin with the "_" character. Formats starting with "_" will not be loaded.

  4. Start the Nexus CIS, CF and SNMP services.

...

  1. Do the configuration changes on the server(s) running the Nexus CF, Nexus SNMP, and Nexus CIS service in: <cm-server-home>/config/  described in the respective files under the <server> folder.

From 8.9.x to 8.10.0

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:
    <cm-server-home>/config
    <cm-server-home>/lib
    <cm-server-home>/bin
    <cm-server-home>/deliverynotes

  2. Do the configuration changes on the server(s) running the Nexus CF, Nexus SNMP, and Nexus CIS service in: <cm-server-home>/config/  described in the respective files under the <server> folder.

From 8.10.x to 8.11.0

Expand
titleUpgrade steps

  1. Make a backup copy of these folders before applying any changes:
    <cm-server-home>/config
    <cm-server-home>/lib
    <cm-server-home>/bin
    <cm-server-home>/deliverynotes

  2. On Linux, if you are upgrading from a Certificate Manager version earlier than 8.9.x, remove the Nexus CIS, CF and SNMP services using the cmservices tool:
     <install_root>/bin/cmservices remove cf
     <install_root>/bin/cmservices remove cis
       install_root>/bin/cmservices remove cmsnmpStop the Nexus CIS, CF, and SNMP services.remove cmsnmp

  3. Do the configuration changes on the server(s) running the Nexus CF, Nexus SNMP, and Nexus CIS service in: <cm-server-home>/config/  described in the respective files under the <server> folder.

  4. Rename any custom formats files used by Certificate Manager that has a filename that begins with  the "_" character to something the does not begin with the "_" character. Formats starting with "_" will not be loaded.

  5. On the servers running the Nexus CF, Nexus CIS, or Nexus SNMP service, remove all jar files in the <cm-server-home>/lib folder.

  6. Copy all jar files in Upgrade files CM 8.1011.0/server/lib to <cm-server-home>/lib.

  7. Replace all files in <cm-server-home>/tools with the new ones in Upgrade files CM 8.1011.0/server/tools.

  8. Copy all files in Upgrade files CM 8.1011.0/server/bin to <cm-server-home>/bin, replacing the old ones.

  9. Copy all files in Upgrade files CM 8.1011.0/server/deliverynotes to <cm-server-home>/deliverynotes, replacing the old ones.

  10. If you are upgrading from a Certificate Manager version earlier than 8.9.x, you must re-install the cmservices. On Linux, reinstall the Nexus CIS, CF and SNMP services using cmservices tool, replacing "cmuser" with the user who shall run the systemd services:

       <install_root>/bin/cmservices install cf cmuser cmuser
       <install_root>/bin/cmservices install cis cmuser cmuser
       <install_root>/bin/cmservices install cmsnmp cmuser cmuserConfigure java CF to use

  11. Make sure 64-bit Java SE 17 is installed and properly configured  to be used by the CF, CIS and SNMP services. See Certificate Manager - requirements and interoperability for more information.

  12. Configure services to use Java 17.

    1. On Windows open the Registry Editor. In "HKEY_LOCAL_MACHINE\SOFTWARE\Nexus\Service Parameters\CF<CF/CIS/SNMP>". Edit the variable JREPath so it instead points to Java 17 home directory.

    2. On Linux, navigate to <install_root>/bin and edit the JAVA variable in the <cf/cis/cmsnmp>_launch.conf to point to Java 17.

  13. Start the Nexus CIS, CF, and SNMP services.

...