Are there any fixes or just new stuff ?
David
Cybersecurity
DevOps Cloud
IT Operations Cloud
If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it! Learn more
Are there any fixes or just new stuff ?
David
Unfortunately on one of our servers this update was applied.
The effect - after several manual adaptations - now is, that iManager is unusable on that server, due to a java version mismatch with the eclipse packet used by iManager.
But, if you have umc-server installed and running on any server first look into /etc/ssl/servercerts, if the elliptic curve certificate serverECcert.pem and key serverECkey.pem are present there. Out of three servers only one (which was freshly installed as OES 2023) had those in this place, despite the fact, that all servers have those server certificates in eDirectory.
OES 24.1.1 adds the redis@umc.service to the umc-server and this relies only on these EC certificates. You can change the certificates used in the configuration file, but - these certificates are hard coded in the startup and config script for umc-server instead of taking the values of the configuration file and use those, which would give users the possibility to exchange certificates easily. This type of scripting is typically for test and preliminary uses, which seem to be the new OT standard for software releases.
You can quite easily put the needed certificate and key in this place - but I doubt, that those will be updated, if you update your server certificates.
And since this update iManager opens with an empty page and novell-tomcat shows the following errors:
SEVERE [ajp-nio-127.0.0.1-9009-exec-4] org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for servlet [jsp] threw exception
java.lang.UnsupportedClassVersionError: JVMCFRE199E bad major version 55.0 of class=org/eclipse/jdt/internal/compiler/env/INameEnvironment, the maximum supported major version is 52.0; offset=6
.....
How do you got the serverECkey file created at /etc/ssl/servercerts/ ?
How do you got the serverECkey file created at /etc/ssl/servercerts/ ?
By exporting the certificate via iManager as *.pfx file. Afterwards you can extract the certificate and the key via openssl at the server itself or via any other certificate manipulation program on another computer. If you extract the certificate via e.g.:
openssl pkcs12 -in /*xx.pfx -nodes -clcerts -out /*xxcert.pem
you get a text file, which contains the key and the certificate concatenated. You then just need to divide this file into the *key.pem and the *cert.pem files to get your corrrect key and certificate files.