This version of Identity Manager (4.8.5.0100) common dependencies patch contains updates to the NICI and OpenSSL components. This document explains how to update the Identity Manager components using the common dependency patch.
IMPORTANT:In addition to the common dependencies update, Identity Manager 4.8.5.0100 resolves some of the previous issues. You can apply the patch for specific components such as Identity Manager Engine, Identity Applications, Self Service Password Reset (SSPR), and Designer. For more information, see the NetIQ Identity Manager 4.8.5 Patch 1 Release Notes.
The following components have been updated in this release:
This patch contains an updated version of NICI (3.2.0.0100), which adds support for OpenSSL 1.0.2zd. In this version, OpenSSL has fixed a potential security vulnerability. For more information about the issue, refer to this page.
This release of Identity Manager adds support for OpenSSL 1.0.2zd.
You must have the following versions at a minimum to apply this patch:
eDirectory 9.2.6
iManager 3.2.6
Identity Manager 4.8.5
This patch requires you to update the following components based on your requirement:
You must update Identity Vault to eDirectory 9.2.6.0100 version. You can either update as a root user or non-root user. For more information on updating eDirectory, see the NetIQ eDirectory 9.2 Service Pack 6 Patch 1 Release Notes.
NOTE:Before updating the Remote Loader, ensure that the following components are stopped:
Remote Loader instance
Driver instance running with the Remote Loader
Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.
Navigate to the <extracted location>/common/Linux directory.
(Conditional) If you are running a 64-bit Remote Loader, navigate to the x86_64 directory and run the following commands:
rpm -Uvh nici64-3.2.0.0100.x86_64.rpm rpm -Uvh netiq-openssl-1.0.2zd.x86_64.rpm
(Conditional) If you are running a 32-bit Remote Loader, navigate to the i586 directory and run the following command:
rpm -Uvh netiq-openssl-32bit-1.0.2zd.x86_64.rpm
Start the Remote Loader instance and the driver instance.
NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:
Fanout Agent instance
Driver instance
Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.
Navigate to the <extracted location>/common/Linux/x86_64 directory.
Run the following command to update NICI:
rpm -Uvh nici64-3.2.0.0100.x86_64.rpm
Start the Fanout Agent instance and the driver instance.
You must update iManager to iManager 3.2.6.0200 version. For more information on updating iManager, see the NetIQ iManager Installation Guide.
Identity Console 1.4.0.0100 release contains the updates for the NICI and OpenSSL components. If you have Identity Console installed in your deployment, refer to the NetIQ Identity Console 1.4 Patch 1 Release Notes for more information on updating Identity Console to 1.4.0.0100 version.
(Conditional) This section does not apply if Identity Applications is installed on the same machine as Identity Manager Engine and/or Remote Loader and you have already installed the common dependency patch to update OpenSSL.
Stop the Tomcat service.
systemctl stop netiq-tomcat.service
Stop the NGINX service.
systemctl stop netiq-nginx.service
Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.
Navigate to the <extracted location>/common/Linux/x86_64 directory.
Run the following command to update OpenSSL:
rpm -Uvh netiq-openssl-1.0.2zd.x86_64.rpm
Start the NGINX service:
systemctl start netiq-nginx.service
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
Navigate to the Identity Manager installed folder on your machine, find the IdentityManager-3rdParty-license.txt file location. For example, /opt/netiq/idm/IdentityManager-3rdParty-license.txt.
Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.
Navigate to the <extracted location>/common/license directory.
Copy the IdentityManager-3rdParty-license.txt file and replace it with the file in the location specified in Step 1.
This patch requires you to update the following components based on your requirement:
You must update Identity Vault to eDirectory 9.2.6.0100 version. For more information on updating eDirectory, see the NetIQ eDirectory 9.2 Service Pack 6 Patch 1 Release Notes.
NOTE:Before updating the Remote Loader, ensure that you perform the following steps:
Stop the Remote Loader instance
Stop the Driver instances running with the Remote Loader
Close the Remote Loader Console
Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.
(Conditional) If you are running a 64-bit Remote Loader, perform the following steps:
Navigate to the <Identity Manager installed location>\Common\OpenSSL folder.
Back up the libeay32.dll and ssleay32.dll files.
Open command prompt and navigate to the <extracted location>\common\Windows\x86_64 folder.
Run the NetIQ-OPENSSL.exe:
NetIQ-OPENSSL.exe -i PRODUCT_NAME=IDM PRODUCT_VERSION=4.8.5.0 STAND_ALONE_UPGRADE=true
(Conditional) If Remote Loader is running on a standalone server, perform the following steps:
Navigate to the <Patch extracted location\common\Windows\x86_64 folder.
Run the NICI_wx64.msi to upgrade NICI.
(Conditional) If you are running a 32-bit Remote Loader, perform the following steps:
Navigate to the <Identity Manager installed location>\RemoteLoader\32bit folder.
Back up the libeay32.dll and ssleay32.dll files.
Navigate to the <Patch extracted location>\common\Windows\i586 folder.
Copy the libeay32.dll and ssleay32.dll files to the <Identity Manager installed location>\RemoteLoader\32bit folder.
Run the NICI_w32.msi to upgrade NICI.
Start the Remote Loader instance and the driver instance.
You must update iManager to 3.2.6.0200 version. For more information on updating iManager, see the NetIQ iManager Installation Guide.
Identity Console 1.4.0.0100 release contains the updates for the NICI and OpenSSL components. If you have Identity Console installed in your deployment, refer to the NetIQ Identity Console 1.4 Patch 1 Release Notes for more information on updating Identity Console to 1.4.0.0100 version.
This procedure applies only if Fanout Agent is installed on a standalone server.
NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:
Fanout Agent instance
Driver instance
Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.
Navigate to the <extracted location>\common\Windows\x86_64 directory.
Run the NICI_wx64.msi to upgrade NICI.
Start the Fanout Agent instance and the driver instance.
(Conditional) This section does not apply if Identity Applications is installed on the same machine as Identity Manager Engine and/or Remote Loader and you have already installed the common dependency patch to update OpenSSL.
From the Windows services, stop the IDM Apps Tomcat Service running on your Identity Applications server.
Download and extract the Identity_Manager_4.8.5_P1_Common_deps.zip file.
Navigate to the <extracted location>/common/Windows/x86_64 folder.
Run the NetIQ-OPENSSL.exe to update OpenSSL.
Press Windows + R on your keyboard, type services.msc and select OK to open the Windows Services interface. Search for the service names, NetIQ Nginx Service. Right-click the service and select the Restart option.
From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.
Navigate to the Identity Manager installed folder on your machine, find the IdentityManager-3rdParty-license.txt file location. For example, C:\NetIQ\IDM\IdentityManager-3rdParty-license.txt
Download and extract the Identity_Manager_4.8.5.0100_Common_deps.zip file.
Navigate to the <extracted location>/common/license directory.
Copy the IdentityManager-3rdParty-license.txt file and replace it with the file in the location specified in Step 1.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Service Pack 5 Release Notes. If you need further assistance with any issue, contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal.
© 2022 NetIQ Corporation. All Rights Reserved.