Keystore not restored when upgrading from JSS 9.96 to 9.97 on Linux

fraserhess
New Contributor III

(I am relatively new to JSS, we haven't even completed our Jump Start yet!) I was upgrading from a recently installed JSS 9.96 to 9.97 on Linux and after the upgrade I could not connect over https despite having the "Finished JSS Initialization" in the logs. My own troubleshooting revealed I could open a TCP connection to 8443 but I didn't get a certificate back. Peeking at the server.xml showed me the certificate keystore was to be at /usr/local/jss/tomcat/jss.p12 – that file didn't exist. Once I restored it from /usr/local/jss/backups/.... and restarted tomcat, I was able to connect to the JSS again.

Hope this helps someone else and this bug can get corrected.


grahamfw
New Contributor III

Yes, annoying. We had to manually plug our values into DataBase.xml and server.xml. The tomcat directory looks to have been completely overwritten.

Good way to test your backup and recovery procedure, I suppose!

were_wulff
Valued Contributor II

Hey all,

We've got a KB out for this that may have been missed as the title has not been updated to include 9.x and only mentions 8.x.

Backing Up a Third-Party SSL Certificate Before Upgrading the JSS to v8.x on Linux.

This has been the behavior on and off for a while, and we do have a product issue (PI-003358) open to have it addressed, and have our instructions include the steps of manually backing up the .p12 file and the keystore (which also sometimes doesn't get moved back) prior to running the installer for an upgrade to avoid this issue.

As @hessf mentioned, if you run into this, you can find the necessary files in /usr/local/jss/backups/ and just move them back and restart Tomcat.

@grahamfw This is a known issue; we have it filed under PI-002504.

If you would like to have a case attached to either PI, if one or both apply to your situation, please get in touch with your TAM either by e-mailing support@jamf.com, giving us a call, or using the My Support section of Jamf Nation.

Thanks!
Amanda Wulff
Jamf Support

millersc
Valued Contributor

@amanda.wulff Please make note that neither of those PIs shows up in the current '9.97 Release Notes' link. So when reading information for an upgrade from X to 9.97 I would look at known issues for what might be an issue during this upgrade. Since they are not listed, one would expect it wouldn't be an issue.

This is another example why a customer accessible PI DB is repeatedly requested and why this community has resorted to creating our own.

were_wulff
Valued Contributor II

@millersc

PI-003358 was opened after 9.97 was released, so it is not possible that it would have been able to make it into the Known Issues section of the 9.97 release notes.

A customer accessible Product Issues database is currently a Feature Request that is under review, so it may be helpful to leave a comment there if you have not already.

Thanks!
Amanda Wulff
Jamf Support

fraserhess
New Contributor III

@amanda.wulff I'm glad to know it's a documented issue. I would expect that since JSS now supports uploading a certificate/key pair, (meaning I didn't side load it or change the configuration manually) JSS would maintain it during upgrades.

rickwhois
Contributor

I also ran into this today (running Ubuntu 14.04.2). I'd like to add that we ran chown on the .jks & .p12 files back to jamftomcat, as we noticed the permissions change when copying over from the backup directory.
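Pulling the thread's recovery steps together (read the keystoreFile path from server.xml, check the file is there, restore it from /usr/local/jss/backups, reset ownership to jamftomcat): an added shell example, not code from any poster or from Jamf. The server.xml location, the backup layout and the script name are assumptions; the paths and the service account come from the posts above.

```shell
# Added example, not from the thread or from Jamf. Paths and the jamftomcat account are
# taken from the posts above; the exact server.xml location is an assumption.
set -u
SERVER_XML="${SERVER_XML:-/usr/local/jss/tomcat/server.xml}"   # assumed location
BACKUP_DIR="${BACKUP_DIR:-/usr/local/jss/backups}"
TOMCAT_USER="${TOMCAT_USER:-jamftomcat}"

# Print the keystoreFile attribute of the first Connector that declares one ($1 = server.xml).
keystore_path_from_xml() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if server.xml names a keystore and that file exists and is non-empty.
keystore_present() {
    ks=$(keystore_path_from_xml "$1")
    [ -n "$ks" ] && [ -s "$ks" ]
}

# Newest file with the given basename anywhere under the backup tree ($1 = dir, $2 = name); GNU find.
latest_backup_of() {
    find "$1" -type f -name "$2" -printf '%T@ %p\n' 2>/dev/null | sort -n | tail -n 1 | cut -d' ' -f2-
}

# Copy the newest backed-up keystore to the path server.xml expects and reset ownership ($1 = server.xml, $2 = backup dir, $3 = owner).
restore_keystore() {
    ks=$(keystore_path_from_xml "$1")
    if [ -z "$ks" ]; then
        echo "server.xml declares no keystoreFile; it may have been overwritten too" >&2
        return 1
    fi
    src=$(latest_backup_of "$2" "$(basename "$ks")")
    if [ -z "$src" ]; then
        echo "no copy of $(basename "$ks") found under $2" >&2
        return 1
    fi
    cp -p "$src" "$ks" && chown "$3" "$ks" && chmod 600 "$ks"
}

main() {
    if keystore_present "$SERVER_XML"; then
        echo "keystore referenced by $SERVER_XML is present"
    else
        echo "keystore missing; restoring from $BACKUP_DIR" >&2
        restore_keystore "$SERVER_XML" "$BACKUP_DIR" "$TOMCAT_USER" || exit 1
        echo "restored; restart Tomcat and re-test https on 8443"
    fi
}

# Only act when invoked with an argument, e.g.: sh jss-keystore-check.sh run  (name assumed)
[ "$#" -gt 0 ] && main
```

Run it as root after the installer finishes and before restarting Tomcat; a missing keystoreFile attribute is reported separately because server.xml itself can be overwritten, as noted earlier in the thread.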

cgalik
Contributor

We ran into this issue as well when upgrading from the original 9.97 to the newly released 9.97 version that fixed the FV2 issues. However, our JSS runs on Windows Server, not Linux, so perhaps the issue is more widespread than originally thought.

rharrington
New Contributor II

@cgalik Just ran into the same issue on a Windows Server as well. What's the fix?

rharrington
New Contributor II

Anyone? Reached out to support on Friday and have not heard back yet.

CGundersen
Contributor III

@rharrington

Haven't applied the latest 9.97 hotfix (and run JSS on Linux), but thinking that you would need to restore the keystore from backup/restart Tomcat on Windows as well (if same issue as reported w/ Linux). Also might need to look out for server.xml, etc. (reading comments earlier in thread).

willpolley
New Contributor III

The newest release has the same problem. Need to start sending billables.