When you configure a secure connection between a client application and a service, you specify the keystore file that contains the keys and certificates for the secure HTTPS connection. After you upgrade, you must generate a new keystore file or verify the keystore file locations. The upgrade process does not update the keystore file or locations.
If you used RSA encryption with fewer than 512 bits to create the private key and SSL certificate, you must create new SSL certificate files. Due to the FREAK vulnerability, Informatica does not support RSA encryption with fewer than 512 bits.
The tasks that you must perform depend on which client applications you use.
If you use Metadata Manager, generate a new keystore file after you upgrade. Regenerate the keystore file to ensure that the Java version used to generate the keystore file matches the Java version installed with Informatica. If the Java versions do not match, users that perform operations in Metadata Manager might get a "Cannot connect to Metadata Manager Service" error.
To generate a new keystore file, perform the following steps:
Generate a new keystore file that contains the keys and certificates required to secure the connection for the Metadata Manager web application. Use the keytool utility installed with the current version of Informatica to generate the keystore file.
The Metadata Manager Service uses RSA encryption. Therefore, Informatica recommends that you use a security certificate that was generated with the RSA algorithm.
Save the keystore file in a directory that can be accessed from the machine where the Metadata Manager Service runs.
Use the Administrator tool to update the keystore file for the Metadata Manager Service.
Other Web Client Applications
If you use other web client applications, the tasks that you must perform depend on the following locations where you previously stored the keystore files:
A location inside the previous Informatica installation directory structure
If you stored the keystore file in a location inside the previous Informatica installation directory structure, perform the following steps:
Copy the file to another location.
Update the application service with the copied keystore file location.
Use the Administrator tool to update the location of the keystore file for the appropriate application service. For example, if the keystore file is used for Analyst tool security, update the keystore file location in the Analyst Service properties.
A location outside the previous Informatica installation directory structure
If you stored the keystore file in a location outside the previous Informatica installation directory structure, verify
that the keystore file can be accessed from the machine where the application service runs.