FAQ - Upgrade procedures
A list of questions and answers related to upgrade procedures:
- Q:How do I upgrade a component that was originally installed without SSL configuration?
- A: To configure SSL attributes, perform the following steps:
- Q: How do I upgrade a component that was installed with default certificates?
- A: Define the JKS_SSL_PASSWORD environment variable as described in Enhanced security for default certificates. For the full upgrade procedure, see Upgrading. If you are using default certificates and want to install a new component to be connected to a back-level master, see Upgrading in a mixed-version environment when using default certificates.
- Q: What happens if I do not remember the password for the default certificates?
- A: Before starting the upgrade, test the passwords for the certificates
using the following keytool commands:
-
keytool -list -keystore TWSServerTrustFile.jks -storepass my_password
-
keytool -list -keystore TWSServerKeyFile.jks -storepass my_password
-
- Q: The upgrade failed because the password I provided for the certificates in the JKS_SSL_PASSWORD variable is incorrect. How can I recover from this error?
- A. Before restarting the upgrade, perform the following steps:
- Retrieve and test the password for the certificates, as described in Q: What happens if I do not remember the password for the default certificates?
- Restore the previous version of the ita.ini file.
- Restart the upgrade.
- Q: My environment is FIPS compliant. What happens if I upgrade to version 10.2.2?
- A: Version 10.2.2 does not support FIPS. If you want to
upgrade to this version, your environment will no longer be FIPS compliant.
A new optional parameter named enablefips is available
in the serverinst and twsinst scripts
to check FIPS settings before you upgrade. This is because you need to be
aware that by upgrading, your environment will no longer be FIPS
compliant.Upgrade scenarios vary depending on your upgrade path, as follows:
- If you are upgrading from version 10.2.1
- FIPS is already disabled by default in this version. If do not specify the enablefips parameter or you set it to false, the upgrade proceeds. If you set the enablefips parameter to true, the upgrade stops with an error message and you have to set enablefips to false to proceed.
- If you are upgrading from any version other than 10.2.1
- You can proceed in one of the following ways:
- Disable FIPS before upgrading by editing the
following options in the configuration files:
- localopts
- set SSL Fips enabled to no
- ita.ini
- set fips_enable to no
- Set the enablefips parameter to false. A warning message is displayed to inform you that FIPS is being disabled and the localopts and ita.ini files are automatically updated with the new FIPS configuration (the previous SSL Fips enabled option is removed and the new SSL FIPS compliance option is added and set to no/false) . The upgrade proceeds.
- Disable FIPS before upgrading by editing the
following options in the configuration files:
- Can I install a backup master domain manager at version 10.2.2 in a back-level environment?
- How can I get the dynamic agent installed on the new backup master domain manager to communicate with the back-level master domain manager?
- In back-level
environments, for example 9.4, SSL is not enabled by default
and TLS version 1.2 needs to be enabled on the back-level
master domain manager to enable communication. Perform the following steps on
the back-level master domain manager:
- Browse to the
<JazzSMHome>/profile/config/cells/JazzSMNode01Cell
path, where
- <JazzSMHome>
- is the directory where Jazz for Service Management is installed.
- Open the security.xml file in a flat-text editor.
- Change the value of the sslProtocol parameter to TLSv1.2 and save the file.
- Browse to the JazzSM/profile/properties path.
- Open the ssl.client.props file in a flat-text editor.
- Change the com.ibm.ssl.protocol parameter to TLSv1.2 and save the file.
- Run the following commands from the DWC_home/wastools directory to stop
and restart the Dynamic Workload Console.
./ stopWas.sh -direct -\user| DWCuser -password \password ./ startWas.sh -direct
- Browse to the
<JazzSMHome>/profile/config/cells/JazzSMNode01Cell
path, where