Skip to main content
Skip table of contents

In Place Upgrade Procedure

Overview

This guide will upgrade a single node from EJBCA Enterprise version 7.3.1.2 to EJBCA Enterprise 7.3.1.4.  In this example, the EJBCA host will have an IP Address of 172.1617.130.  Please change this IP address to be the IP Address that matches the EJBCA node being upgraded.

Download the EJBCA Cloud or Virtual Appliance Upgrade file from your customer download folder or obtain a copy from support at support@primekey.com

  1. Copy the upgrade package to the EJBCA node using the following method:
    1. Using the CLI:
      If using a Mac or Linux based computer use the following command to copy the file to the host (Note: If using AWS, ensure you specify the user as ec2-user with your SSH key and in Azure, specify the user provisioned with your instance)

      BASH
      scp ~/Downloads/ejbca_ee_7_3_1_4_virtual_appliance_upgrade.zip root@172.16.17.130:/opt/dist/
    2. If using a program such as WinSCP or CyberDuck:
      Click "Open Connection":

      Enter the host credentials and click connect:

      Select the /opt/dist directory

      Drag and drop the file to the EJBCA VM in the /opt/dist directory.
  2. SSH to the EJBCA VM and login as root

    BASH
    ssh root@172.16.17.130

  3. Change directory to the /opt directory

    BASH
    cd /opt
  4. Unzip the upgrade file into the /opt/ directory

    BASH
    unzip dist/ejbca_ee_7_3_1_4_virtual_appliance_upgrade.zip
  5. Ensure the file extracted into the /opt/ directory by doing a directory listing

    BASH
    [root@ejbca-node-01 opt]# ls -la
    total 0
    drwxr-xr-x.  8 root    root    148 May 15 17:34 .
    drwxr-xr-x. 17 root    root    261 May 14 20:19 ..
    drwxr-xr-x.  2 root    root     60 May 15 17:29 dist
    lrwxrwxrwx.  1 root    root     22 May 14 18:20 ejbca -> /opt/ejbca_ee_7_3_1_2/
    drwxr-xr-x.  7 wildfly wildfly  80 May 14 20:22 ejbca_ee_7_3_1_2
    drwxr-xr-x   6 root    root     52 May 14 12:20 ejbca_ee_7_3_1_4
    drwxr-xr-x.  6 wildfly wildfly  90 May 14 20:23 PrimeKey
    drwxr-xr-x.  3 root    root     21 May 14 17:54 rh
    lrwxrwxrwx.  1 root    root     25 May 14 18:03 wildfly -> /opt/wildfly-10.1.0.Final
    drwxr-xr-x. 10 wildfly wildfly 237 May 14 18:20 wildfly-10.1.0.Final
    [root@ejbca-node-01 opt]# 
  6. Copy the existing config files to the new EJBCA install folder overwriting the default files with the existing files

    BASH
    /bin/cp -f ejbca/conf/*.properties ejbca_ee_7_3_1_4/conf/
  7. Stop WildFly

    BASH
    systemctl stop wildfly
  8. Remove "ejbca" symlink

    BASH
    rm ejbca

    NOTE: Ensure it asks you to remove symbolic link!

    BASH
    rm: remove symbolic link ‘ejbca’? 

    If sure, select "y" and press enter.

  9. Create a new symbolic link

    BASH
    ln -s ejbca_ee_7_3_1_4 ejbca
  10. Ensure the symbolic link points to the new EJBCA directory

    BASH
    lrwxrwxrwx   1 root    root     16 May 15 17:53 ejbca -> ejbca_ee_7_3_1_4
  11. Change the ownership of the new EJBCA files (ensure the trailing "/" in the command below so the permissions of the directory are changed and not the symlink itself)

    BASH
    chown -R wildfly:wildfly /opt/ejbca/
  12. Copy the "ejbca.ear" file to the WildFly deployments directory

    BASH
    /bin/cp -f ejbca/dist/ejbca.ear /opt/wildfly/standalone/deployments/

    If upgrading to newer versions of EJBCA at EJBCA 7.10.0 or above, additional steps are needed if you see errors like the following:

    BASH
    2023-02-09 01:46:20,847 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "ejbca.ear")]) - failure description: {
        "WFLYCTL0412: Required services that are not installed:" => ["jboss.naming.context.java.EjbcaDS"],
        "WFLYCTL0180: Services with missing/unavailable dependencies" => [
            "jboss.persistenceunit.\"ejbca.ear#ejbca\".__FIRST_PHASE__ is missing [jboss.naming.context.java.EjbcaDS]",
            "jboss.persistenceunit.\"ejbca.ear#ejbca\" is missing [jboss.naming.context.java.EjbcaDS]"
        ]
    }

    Perform the additional steps for the WildFly configuration.  These settings need to be added because of changes in 3.0 of EJBCA Cloud and newer virtual appliances that support multiple database dialects. 

    1. Stop wildfly

    CODE
    systemctl stop wildfly
    

    2. In standalone.xml, this value needs to be changed:

    CODE
    <datasource jndi-name="java:/EjbcaDS" pool-name="ejbcads" use-ccm="true">
    
    to
    
    <datasource jndi-name="java:/AppDS" pool-name="appds" use-ccm="true">


    3. In standalone.xml, need to change this value:

    BASH
    <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
    
    to
    
    <spec-descriptor-property-replacement>true</spec-descriptor-property-replacement>


    4. In the standalone.conf you need to add to the JAVA_OPTS section, the following line:

    CODE
    JAVA_OPTS="${JAVA_OPTS} -Dcontainer.database.name=mysql -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb"

    Alternatively, if you are using an external database, you can upgrade nodes by getting a new node running and doing a cluster join via the wizard.  For more information see the AWS cluster upgrade guide or Azure cluster upgrade guide.

  13. Restart wildfly

    BASH
    systemctl start wildfly
  14. Ensure the new version of EJBCA is 7.3.1.4 (or the version you are upgrading to.
  15. Apply the latest indexes for your upgraded version of EJBCA.  The indexes are located at /opt/ejbca/doc/sql-scripts/create-index-ejbca.sql.  Apply this index to the database.  The indexes will be skipped that are already applied, and the new ones added for any new EJBCA features will be added to the database.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.