Errors starting XIC after upgrading to Version 1.30 from previous versions
When upgrading to version 1.30 from a previous version, the following occurs:
- Rename the .ssh and .pem files as follows:
XIC_EP.ssl to XIC_EP.ssl.bak
XIC_PrivatePair.pem to XIC_PrivatePair.pem.bak
XIC_PubKey.pem to XIC_PubKey.pem.bak
XIC_XTR_EP.ssl to XIC_XTR_EP.ssl.bak
XIC_XTR_PrivatePair.pem to XIC_XTR_PrivatePair.pem.bak
XIC_XTR_PubKey.pem to XIC_XTR_PubKey.pem.bak - Recreate the .ssl and .pem files and encrypt them using Java.
- Replace everything else with the files in the version 1.30 package.
In the event the Upgrade is done before the files have been renamed, the installation script replaces everything with files in the Version 3 package (step 3) and therefore the upgrade never works As a result, the previous-version .ssl and .pem files are still in place and XIC is trying to decrypt them using Java, but they have been encrypted using openssl.
The Customer will need to carefully perform the steps below manually, replacing the directory indicated with ?/ with the full path of the directory. For example, in my installation, the full path to ?/XYPRO is /users/davet/local/XYPRO.
- Make a backup copy of the current installation. For example:
cp -R ?/webservices ?/webservices_bak - In the ?/webservices directory:
./shutdown.sh - In the ?/.ssh directory:
mv XIC_EP.ssl XIC_EP.ssl.bak
mv XIC_PrivatePair.pem XIC_PrivatePair.pem.bak
mv XIC_PubKey.pem XIC_PubKey.pem.bak
mv XIC_XTR_EP.ssl XIC_XTR_EP.ssl.bak
mv XIC_XTR_PrivatePair.pem XIC_XTR_PrivatePair.pem.bak
mv XIC_XTR_PubKey.pem XIC_XTR_PubKey.pem.bak
chmod +x ?/dst/iXYKeygen.jar
chmod +x ?/dst/iXYCrypto.jar
java -jar ?/dst/iXYKeygen.jar -keygen -alg RSA -keylength 4096 -publickey ?/.ssh/XIC_XTR_PubKey.pem -privatekey ?/.ssh/XIC_XTR_PrivatePair.pem -debug
java -jar ?/dst/iXYKeygen.jar -keygen -alg RSA -keylength 4096 -publickey ?/.ssh/XIC_PubKey.pem -privatekey ?/.ssh/XIC_PrivatePair.pem -debug
java -jar ?/dst/iXYCrypto.jar passphrase ?/.ssh/XIC_XTR_PrivatePair.pem ?/.ssh/XIC_XTR_EP.ssl
java -jar ?/dst/iXYCrypto.jar passphrase ?/.ssh/XIC_PrivatePair.pem ?/.ssh/XIC_EP.ssl
Note: Replace passphrase with your current Java keystore passphrase.
chmod 400 XIC_XTR_PrivatePair.pem
chmod 400 XIC_XTR_PubKey.pem
chmod 400 XIC_PrivatePair.pem
chmod 400 XIC_PubKey.pem
chmod 400 XIC_EP.ssl
chmod 400 XIC_XTR_EP.ssl - In the ?/webservices directory:
./startup.sh
Related Articles
XS1 - Upgrading from Version 1.90 to Version 1.97
Please review this entire KB before starting any upgrade from XS1 v1.90 to release 1.97. 1. Review the document "XS1 v1.97 Installation and Set Up Guide. It contains a section, "Upgrading from XS1 1.90 to 1.97" that contains steps to follow when ...
XIC: Is XIC compatible with CyberArk version 12.2?
As of XIC 1.30, CyberArk 12.2 works with all available versions of XIC. If this article did not provide a solution, please open a case with our support team by sending an email message to support@xypro.com.
XIC 1.36 or below release is not working with Java 11.
XIC has to be reinstalled after setting up PATH for Java version 1.80 1. Shutdown XIC 2. Remove the XIC or rename the XIC directory, for example, mv ./webservices ./webservices_bak 3. Set PATH to Java version 1.80, for example, ...
XMA: SLSENDER fails to start after upgrading to Merged Audit 2.65
There is a known issue where SLSENDER will not start after upgrading to XMA 2.65. If the customer cannot start SLSENDER after upgrading, the post upgrade steps below can be used. If we know a customer will be upgrading to XMA 2.65, pre-upgrade steps ...
XIC: How to remove and regenerate the certificate of alias xic from the XIC.jks keystore file
Step 1. Give write security on keystore syntax: chmod 600 <keystore-file> example: chmod 600 XIC.jks Step 2. Cleaning XIC.jks file, if there is a certificate chain for xic alias syntax: keytool -delete -keystore <keysotre-file> -alias <alias-name> ...