IBM Support

After a Guardium v9 upgrade, customer trusted certificates and Custom Attributes are lost

Flash (Alert)


Upgrading to Guardium v9 overwrites customer trusted certificates with standard Guardium certificates.
IBM Guardium bug 35679 - Certificate seems to be lost / unusable after an upgrade.
Values of calculated fields (Custom Attributes) are also overwritten


Technical Description:

An issue has been identified where trusted (GUI) certificates are overwritten after upgrading to Guardium v9.

Symptoms :

  • The GUI site may appear as not trusted
  • S-TAPs may appear in red in the System View
  • Custom Attributes are no longer available
Cause :

The problem is introduced when upgrading to v9. The trusted certificate (keystore file) gets overwritten and replaced by the initial configuration certificates and keys.
The Custom Attributes in the Guardium internal MySQL table are overwritten

The trusted certificate (keystore file) and values of calculated fields(Custom Attributes) must be preserved during patching and/or upgrading just as other local customizations are preserved.

  • The following steps should be undertaken when performing a v9 upgrade.

        1- Run the latest Health Check for your version - this will preserve the current trusted certificate (keystore file) and Custom Attributes

        2- Perform the v9 upgrade to the latest GPU - for example at the time of writing
        InfoSphere_Guardium_V8.2_to_V9.0p50_Upgrade_Bundle   Jul 3, 2013

        3- Restore the saved trusted certificate (keystore file) and Custom Attributes after the upgrade using this specific patch v9p1010 . The patch has no dependancy

        This patch has no dependancy and can be applied after any GPU level.

        For example customers who upgrade using GPU 9.0p02 or bundle 8.2-9.0p02 can also apply this patch to restore the data right after the upgrade to v9.0p02 as long as they use the Latest Health Check patch as per step 1 above - with the backup procedure included

        Note - For any later GPU after v9p50 there will be no need to perform step 3 during the upgrade process since the later GPUs will have the restore of the trusted certificate (keystore file) and Custom Attributes built in

  • For customers who have already upgraded to v9

        If no backup of the trusted certificate exists, the following cli commands should be used to re-upload the certificates
        store trusted certificate

        Custom Attributes could be re-added manually.

Related information

What are Computed Attributes / Custom Attributes / etc
Creating Custom Reporting Attributes

Document information

More support for: IBM Security Guardium

Software version: 9.0

Operating system(s): Linux

Reference #: 1651412

Modified date: 11 October 2013

Translate this page: