NetIQ Identity Manager 4.8.5 Patch 1 Common Dependencies Release Notes

April 2022

This version of Identity Manager (4.8.5.0100) common dependencies patch contains updates to the NICI and OpenSSL components. This document explains how to update the Identity Manager components using the common dependency patch.

IMPORTANT:In addition to the common dependencies update, Identity Manager 4.8.5.0100 resolves some of the previous issues. You can apply the patch for specific components such as Identity Manager Engine, Identity Applications, Self Service Password Reset (SSPR), and Designer. For more information, see the NetIQ Identity Manager 4.8.5 Patch 1 Release Notes.

1.0 What’s New?

The following components have been updated in this release:

1.1 Support for NICI 3.2.0.0100

This patch contains an updated version of NICI (3.2.0.0100), which adds support for OpenSSL 1.0.2zd. In this version, OpenSSL has fixed a potential security vulnerability. For more information about the issue, refer to this page.

1.2 Updates for Third-party Components

This release of Identity Manager adds support for OpenSSL 1.0.2zd.

2.0 System Requirements

You must have the following versions at a minimum to apply this patch:

  • eDirectory 9.2.6

  • iManager 3.2.6

  • Identity Manager 4.8.5

3.0 Updating This Patch on Linux

This patch requires you to update the following components based on your requirement:

3.1 Updating Identity Vault

You must update Identity Vault to eDirectory 9.2.6.0100 version. You can either update as a root user or non-root user. For more information on updating eDirectory, see the NetIQ eDirectory 9.2 Service Pack 6 Patch 1 Release Notes.

3.2 Updating Remote Loader

NOTE:Before updating the Remote Loader, ensure that the following components are stopped:

  • Remote Loader instance

  • Driver instance running with the Remote Loader

  1. Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.

  2. Navigate to the <extracted location>/common/Linux directory.

  3. (Conditional) If you are running a 64-bit Remote Loader, navigate to the x86_64 directory and run the following commands:

    rpm -Uvh nici64-3.2.0.0100.x86_64.rpm
rpm -Uvh netiq-openssl-1.0.2zd.x86_64.rpm

  4. (Conditional) If you are running a 32-bit Remote Loader, navigate to the i586 directory and run the following command:

    rpm -Uvh netiq-openssl-32bit-1.0.2zd.x86_64.rpm

  5. Start the Remote Loader instance and the driver instance.

3.3 Updating Fanout Agent

NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:

  • Fanout Agent instance

  • Driver instance

  1. Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.

  2. Navigate to the <extracted location>/common/Linux/x86_64 directory.

  3. Run the following command to update NICI:

    rpm -Uvh nici64-3.2.0.0100.x86_64.rpm

  4. Start the Fanout Agent instance and the driver instance.

3.4 Updating iManager

You must update iManager to iManager 3.2.6.0200 version. For more information on updating iManager, see the NetIQ iManager Installation Guide.

3.5 Updating Identity Console

Identity Console 1.4.0.0100 release contains the updates for the NICI and OpenSSL components. If you have Identity Console installed in your deployment, refer to the NetIQ Identity Console 1.4 Patch 1 Release Notes for more information on updating Identity Console to 1.4.0.0100 version.

3.6 Updating Identity Applications

(Conditional) This section does not apply if Identity Applications is installed on the same machine as Identity Manager Engine and/or Remote Loader and you have already installed the common dependency patch to update OpenSSL.

  1. Stop the Tomcat service.

    systemctl stop netiq-tomcat.service

  2. Stop the NGINX service.

    systemctl stop netiq-nginx.service

  3. Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.

  4. Navigate to the <extracted location>/common/Linux/x86_64 directory.

  5. Run the following command to update OpenSSL:

    rpm -Uvh netiq-openssl-1.0.2zd.x86_64.rpm

  6. Start the NGINX service:

    systemctl start netiq-nginx.service

  7. (Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.

    systemctl restart netiq-postgresql.service

  8. Start the Tomcat service:

    systemctl start netiq-tomcat.service

3.7 Updating Identity Manager Third Party License

  1. Navigate to the Identity Manager installed folder on your machine, find the IdentityManager-3rdParty-license.txt file location. For example, /opt/netiq/idm/IdentityManager-3rdParty-license.txt.

  2. Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.

  3. Navigate to the <extracted location>/common/license directory.

  4. Copy the IdentityManager-3rdParty-license.txt file and replace it with the file in the location specified in Step 1.

4.0 Updating This Patch on Windows

This patch requires you to update the following components based on your requirement:

4.1 Updating Identity Vault

You must update Identity Vault to eDirectory 9.2.6.0100 version. For more information on updating eDirectory, see the NetIQ eDirectory 9.2 Service Pack 6 Patch 1 Release Notes.

4.2 Updating Remote Loader

NOTE:Before updating the Remote Loader, ensure that you perform the following steps:

  • Stop the Remote Loader instance

  • Stop the Driver instances running with the Remote Loader

  • Close the Remote Loader Console

  1. Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.

  2. (Conditional) If you are running a 64-bit Remote Loader, perform the following steps:

    1. Navigate to the <Identity Manager installed location>\Common\OpenSSL folder.

    2. Back up the libeay32.dll and ssleay32.dll files.

    3. Open command prompt and navigate to the <extracted location>\common\Windows\x86_64 folder.

    4. Run the NetIQ-OPENSSL.exe:

      NetIQ-OPENSSL.exe -i PRODUCT_NAME=IDM PRODUCT_VERSION=4.8.5.0 STAND_ALONE_UPGRADE=true

    5. (Conditional) If Remote Loader is running on a standalone server, perform the following steps:

      1. Navigate to the <Patch extracted location\common\Windows\x86_64 folder.

      2. Run the NICI_wx64.msi to upgrade NICI.

  3. (Conditional) If you are running a 32-bit Remote Loader, perform the following steps:

    1. Navigate to the <Identity Manager installed location>\RemoteLoader\32bit folder.

    2. Back up the libeay32.dll and ssleay32.dll files.

    3. Navigate to the <Patch extracted location>\common\Windows\i586 folder.

    4. Copy the libeay32.dll and ssleay32.dll files to the <Identity Manager installed location>\RemoteLoader\32bit folder.

    5. Run the NICI_w32.msi to upgrade NICI.

  4. Start the Remote Loader instance and the driver instance.

4.3 Updating iManager

You must update iManager to 3.2.6.0200 version. For more information on updating iManager, see the NetIQ iManager Installation Guide.

4.4 Updating Identity Console

Identity Console 1.4.0.0100 release contains the updates for the NICI and OpenSSL components. If you have Identity Console installed in your deployment, refer to the NetIQ Identity Console 1.4 Patch 1 Release Notes for more information on updating Identity Console to 1.4.0.0100 version.

4.5 Updating Fanout Agent

This procedure applies only if Fanout Agent is installed on a standalone server.

NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:

  • Fanout Agent instance

  • Driver instance

  1. Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.

  2. Navigate to the <extracted location>\common\Windows\x86_64 directory.

  3. Run the NICI_wx64.msi to upgrade NICI.

  4. Start the Fanout Agent instance and the driver instance.

4.6 Updating Identity Applications

(Conditional) This section does not apply if Identity Applications is installed on the same machine as Identity Manager Engine and/or Remote Loader and you have already installed the common dependency patch to update OpenSSL.

  1. From the Windows services, stop the IDM Apps Tomcat Service running on your Identity Applications server.

  2. Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.

  3. Navigate to the <extracted location>/common/Windows/x86_64 folder.

  4. Run the NetIQ-OPENSSL.exe to update OpenSSL.

  5. Press Windows + R on your keyboard, type services.msc and select OK to open the Windows Services interface. Search for the service names, NetIQ Nginx Service. Right-click the service and select the Restart option.

  6. From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.

4.7 Updating Identity Manager Third Party License

  1. Navigate to the Identity Manager installed folder on your machine, find the IdentityManager-3rdParty-license.txt file location. For example, C:\NetIQ\IDM\IdentityManager-3rdParty-license.txt

  2. Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.

  3. Navigate to the <extracted location>/common/license directory.

  4. Copy the IdentityManager-3rdParty-license.txt file and replace it with the file in the location specified in Step 1.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Service Pack 5 Release Notes. If you need further assistance with any issue, contact Technical Support.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.