Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Upgrade Certificate Manager

Owned by Josefin Klang
Last updated: Apr 10, 2024 by Ylva AnderssonVersion comment
9 min read

This article describes how to upgrade Smart ID Certificate Manager to the latest version. For all other upgrade paths, contact Nexus.

Sequential upgrade process

To upgrade from older versions to newer versions, you must upgrade each version step-by-step. 

Example: Starting from 8.5.0, you must upgrade to 8.6.1 and thereafter to 8.7.1. 

8.4.0 was replaced by 8.4.1. For more information, see Release note Certificate Manager 8.4.1

Prerequisites

Example

To upgrade from 8.3.0 to 8.7.1, use the files in the following folders in sequence:

  1. Upgrade from CM 8.3.x to 8.4.1

  2. Upgrade from CM 8.4.x to 8.5.0 

  3. Upgrade from CM 8.5.x to 8.6.1

  4. Upgrade from CM 8.6.x to 8.7.1

Step-by-step instruction

1. Upgrade database

Database scripts for MSSQL, MySQL, PostgreSQL, Oracle, MariaDB, and AzureSQL are often included in the delivery of Certificate Manager. Some releases do not include database scripts to run due to no updates in the databases. The following applies: 

  • If there are no scripts included in the release bundle, go to the next step in this upgrade instruction (Upgrade Certificate Manager services).

  • If there are scripts included in the release bundle, run all included scripts. 

 

Do the following:

  1. To upgrade the CMDB (Certificate Manager Database), run the appropriate script in the MSSQL Server Management Studio, MySQL client, Oracle SQLPlus, or PostgreSQL client.

  2. Verify that no errors occurred.

Database

Script

Comment

Database

Script

Comment

MSSQL

database/CMDBUpgrade_MSSQL_x_x_x.sql

The following applies: 

  • If there are no scripts included in the release bundle, go to the next step in this upgrade instruction (Upgrade Certificate Manager services).

  • If there are scripts included in the release bundle, run all included scripts. 

 

 

 

 

MySQL

database/CMDBUpgrade_MySQL_x_x_x.sql

Oracle

database/CMDBUpgrade_Oracle_x_x_x.sql

PostgreSQL

database/CMDBUpgrade_PostgreSQL_x_x_x.sql

MariaDB

database/CMDBUpgrade_MariaDB_x_x_x.sql

Starting from 8.2.x to 8.3.0, you must run the database script for MariaDB.

For CM 8.10, the minimum supported version of MariaDB is 10.5.

AzureSQL

database/CMDBUpgrade_AzureSQL_x_x_x.sql

Starting from 8.6.x to 8.7.0, you must run the database script for AzureSQL.

2. Upgrade Certificate Manager services

The Certificate Manager server components are installed and run as services. Do the following steps at the server(s) that runs any of the Nexus CF, Nexus CIS, or Nexus SNMP services. 

Before you start, make sure to:

From 7.18.x to 8.0.0

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS, or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

    2. Remove the following files from <cm-server-home>/config:

      • requestformats/httpclient.conf

      • http.conf

  3. The suggested default log levels for CM-SNMP has been reduced from FINEST to INFO. If you use CM-SNMP and want to change to the new default values, change this in the file <cm-server-home>/config/snmplog.properties.

  4. The following deprecated modifiers have been replaced or removed. If you use customized format files, make sure that none of the deprecated modifiers are used.

    1. These deprecated modifiers have been replaced:

      • SubjectKeyIdAdder > SubjectKeyIdentifierModifier

      • ScepUniqueness > RenewalAllowed

      • AltNameModifier > SubjectAltNameModifier

    2. These deprecated modifiers have been removed:

      • CheckCertWithSubject

      • CisFailoverModifier

      • DynamicValidity

      • InputStringBoundChecker

      • MonetaryLimitAttributeModifier

      • PublicKeyHash

      • RelativeValidity

      • ScepUniqueness

      • SubjectIdentifierSs

From 8.0.x to 8.1.0

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder. 
      Note the important changes described in the file changes-formats.txt. The file is located here: <Upgrade\Upgrade from CM 8.0.x to 8.1.0\server>. The tool used in changes-formats.txt requires updated lib files. Therefore those instructions should be executed after the new jar files has been replace in the final upgrade instruction.

    2. From Upgrade files CM 8.1.0/server/inputviews, add the following files to <cm-server-home>/inputviews, or replace if any of these files already exist:

      • acme-account-reg-search.conf

      • acme-prereg-search.conf

      • countries.conf

      • device-cert-registration.conf

      • estsecretsearch.conf

From 8.1.x to 8.2.0

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS, or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

From 8.2.x to 8.3.0

  1. Make a backup copy of these folders before applying any changes:

    1. <cm-server-home>/config

    2. <cm-server-home>/lib

  2. On the server(s) running the Nexus CF, Nexus CIS or Nexus SNMP services:

    1. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

    2. From <Upgrade files CM 8.3.0/server/inputviews>, add the following file to <cm-server-home>/inputviews:

      • scepdynamicpasswordregsearch.conf

From 8.3.x to 8.4.1

  1. Make a backup copy of this folder before applying any changes:

    1. <cm-server-home>/config

  2. Do the configuration changes in <cm-server-home>/config/ described in the respective files under the <server> folder.

  3. From Upgrade files CM 8.4.1/server/inputviews, add these files to <cm-server-home>/inputviews:

    1. est-auth-cert.conf

    2. its-station-registration.conf

From 8.4.x to 8.5.0

From 8.5.x to 8.6.1

From 8.6.x to 8.7.1

From 8.7.x to 8.8.0

From 8.8.x to 8.9.0

From 8.9.x to 8.10.0

3. Upgrade Certificate Manager clients

4. Upgrade Certificate Manager Protocol Gateway

See Upgrade Protocol Gateway

5. Upgrade Certificate Manager SDK

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions