Table of Contents

Search

  1. Preface
  2. Upgrade Overview
  3. Before You Upgrade the Domain on Linux
  4. Before You Upgrade the Domain on UNIX
  5. Before You Upgrade the Domain on Windows
  6. Prepare for the Upgrade
  7. Upgrade the Domain
  8. Upgrade the Domain with Changes to Node Configuration
  9. Before You Upgrade the Application Services
  10. Application Service Upgrade
  11. Informatica Client Upgrade
  12. After You Upgrade
  13. Appendix A: Upgrade Checklist

Upgrading from Versions 10.4.0 and 10.4.1 (10.5.2)

Upgrading from Versions 10.4.0 and 10.4.1 (10.5.2)

Secure Client Connections to the Domain

Secure Client Connections to the Domain

If you enabled secure communication between client applications and the Informatica domain in the previous version, you must verify the keystore file locations or generate a new keystore after you upgrade. If you use Metadata Manager, you must generate a new keystore file after you upgrade. If you use other client applications, you must verify the keystore file locations after you upgrade
When you configure a secure connection between a client application and a service, you specify the keystore file that contains the keys and certificates for the secure HTTPS connection. After you upgrade, you must generate a new keystore file or verify the keystore file locations. The upgrade process does not update the keystore file or locations.
If you used RSA encryption with fewer than 512 bits to create the private key and SSL certificate, you must create new SSL certificate files. Due to the FREAK vulnerability, Informatica does not support RSA encryption with fewer than 512 bits.
The tasks that you must perform depend on which client applications you use.
Metadata Manager
If you use Metadata Manager, generate a new keystore file after you upgrade. Regenerate the keystore file to ensure that the Java version used to generate the keystore file matches the Java version installed with Informatica. If the Java versions do not match, users that perform operations in Metadata Manager might get a "Cannot connect to Metadata Manager Service" error.
To generate a new keystore file, perform the following steps:
  1. Generate a new keystore file that contains the keys and certificates required to secure the connection for the Metadata Manager web application. Use the keytool utility installed with the current version of Informatica to generate the keystore file.
    The Metadata Manager Service uses RSA encryption. Therefore, Informatica recommends that you use a security certificate that was generated with the RSA algorithm.
  2. Save the keystore file in a directory that can be accessed from the machine where the Metadata Manager Service runs.
  3. Use the Administrator tool to update the keystore file for the Metadata Manager Service.
Other Web Client Applications
If you use other web client applications, the tasks that you must perform depend on the following locations where you previously stored the keystore files:
A location inside the previous Informatica installation directory structure
If you stored the keystore file in a location inside the previous Informatica installation directory structure, perform the following steps:
  1. Copy the file to another location.
  2. Update the application service with the copied keystore file location.
    Use the Administrator tool to update the location of the keystore file for the appropriate application service. For example, if the keystore file is used for Analyst tool security, update the keystore file location in the Analyst Service properties.
A location outside the previous Informatica installation directory structure
If you stored the keystore file in a location outside the previous Informatica installation directory structure, verify
that the keystore file can be accessed from the machine where the application service runs.

0 COMMENTS

We’d like to hear from you!