AnsweredAssumed Answered

Gel scripting and SSL in upgrades

Question asked by another_martink on Oct 18, 2012
Latest reply on Mar 11, 2013 by navzjoshi00
What are the good practices regarding certificates for SSL in upgrades


1. JDK UPGRADE
Say the certs are in jre\lib\security\cacerts

What is going to happen when you install a new JDK?
That will most likely write a new jre\lib\security\cacerts and thus the certs in use will no longer be available

Correct or not?

What is the good practise?
If it a dedicated Clarity server uninstall the old JDK and jre and import the cert again to the new cacert file?

2. CLARITY UPGRADE
It is common to restore a db dump to test server and do a test upgrade there.

I've read somewhere that in addition to the properties xml the same settings are stored in the db.
Say you have the same versin of Clarity installed on your test server and you restore the db dump.
So when you restore the db dump should the setting to ..\config\.keystore exist when you open NSA?

Is correct that regardless they exist you have to recreate the cert and import it because the machine name is different (or should be)?
And you would have to do the import also if you have upgraded your jdk.

Martti K.

Outcomes