This hotfix contains updates to the NICI and OpenSSL components.
This release includes updates to the following components:
This hotfix contains an updated version of NICI (3.2.0) which has a different FIPS 140-2 validated cryptography library with an active certificate.
This hotfix includes an updated version of OpenSSL (1.0.2y).
You must have the following versions at a minimum to apply this hotfix:
eDirectory 9.2.4
iManager 3.2.4
Identity Manager 4.8.3
When two or more Identity Manager components are installed on the same server, you must stop the corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an update.
This hotfix requires you to update the following components based on your requirement.
You can update the Identity Vault as a root or non-root user.
Run the following command to stop the Identity Vault instance:
ndsmanage stopall
Download and extract the eDirectory-9.2.4-HF1.zip file.
Navigate to the <HF extracted location>/Linux directory.
Run the following command:
rpm -Uvh patterns-edirectory-9.2.4-1.x86_64.rpm nici64-3.2.0-0.x86_64.rpm netiq-openssl-1.0.2y-0.x86_64.rpm
Run the following command to start the Identity Vault instance:
ndsmanage startall
Log in as a non-root user on the server where Identity Vault is installed.
Run the following command to stop the Identity Vault instance:
ndsmanage stopall
Log in as a root user and perform the following steps:
Download and extract the eDirectory-9.2.4-HF1.zip file.
Navigate to the <HF extracted location>/Linux directory.
Run the following command:
rpm -Uvh nici64-3.2.0-0.x86_64.rpm
Copy the nonroot.tar.gz file to the location where Identity Vault is installed. For example, /home/ediruser.
Log in as a non-root user.
Navigate to the location where Identity Vault is installed. For example, /home/ediruser.
Extract the nonroot.tar.gz file.
tar -xvf nonroot.tar.gz
Run the following command to start the Identity Vault instance.
ndsmanage startall
NOTE:Before updating the Remote Loader, ensure that the following components are stopped:
Remote Loader instance
Driver instance running with the Remote Loader
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
Navigate to the <HF extracted location>/common/Linux directory.
(Conditional) If you are running a 64-bit Remote Loader, navigate to the x86_64 directory and run the following commands:
rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm
rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm
(Conditional) If you are running a 32-bit Remote Loader, navigate to the i586 directory and run the following command:
rpm -Uvh netiq-openssl-32bit-1.0.2y.x86_64.rpm
Start the Remote Loader instance and the driver instance.
NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:
Fanout Agent instance
Driver instance
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
Navigate to the <HF extracted location>/common/Linux/x86_64 directory.
Run the following command to update NICI:
rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm
Start the Fanout Agent instance and the driver instance.
Stop the iManager Tomcat instance:
rcnovell-tomcat9 stop
Download and extract the iManager-3.2.4-HF1.zip file.
Navigate to the <HF extracted location>/Linux/ directory.
Run the following commands:
rpm -Uvh netiq-openssl-1.0.2y-0.x86_64.rpm
rpm -Uvh nici64-3.2.0-0.x86_64.rpm
Start the iManager Tomcat instance.
rcnovell-tomcat9 start
Stop the Tomcat service.
systemctl stop netiq-tomcat.service
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
Navigate to the <HF extracted location>/common/Linux/x86_64 directory.
Run the following command to update OpenSSL:
rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm
Restart the NGINX service:
systemctl restart netiq-nginx.service
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
This hotfix does not contain any updates for Identity Reporting.
When two or more Identity Manager components are installed on the same server, you must stop the corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an update.
This hotfix requires you to update the following components based on your requirement.
Stop the Identity Vault service.
Download and extract the eDirectory-9.2.4-HF1.zip file.
Navigate to the <HF extracted location>\Windows directory.
Copy all the files to the location where Identity Vault is installed. For example, C:\NetIQ\eDirectory.
Run the NICI_wx64.msi to upgrade NICI.
Start the Identity Vault service.
NOTE:Before updating the Remote Loader, ensure that you perform the following steps:
Stop the Remote Loader instance
Stop the Driver instances running with the Remote Loader
Close the Remote Loader Console
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
(Conditional) If you are running a 64-bit Remote Loader, perform the following steps:
Navigate to the <Identity Manager installed location>\Common\OpenSSL folder.
Back up the libeay32.dll and ssleay32.dll files.
Open command prompt and navigate to the <HF extracted location>\common\Windows\x86_64 folder.
Run the NetIQ-OPENSSL.exe:
NetIQ-OPENSSL.exe -i PRODUCT_NAME=IDM PRODUCT_VERSION=4.8.3.0 STAND_ALONE_UPGRADE=true
(Conditional) If Remote Loader is running on a standalone server, perform the following steps:
Navigate to the <HF extracted location\common\Windows\x86_64 folder.
Run the NICI_wx64.msi to upgrade NICI.
(Conditional) If you are running a 32-bit Remote Loader, perform the following steps:
Navigate to the <Identity Manager installed location>\RemoteLoader\32bit folder.
Back up the libeay32.dll and ssleay32.dll files.
Navigate to the <HF extracted location>\common\Windows\i586 folder.
Copy the libeay32.dll and ssleay32.dll files to the <Identity Manager installed location>\RemoteLoader\32bit folder.
Run the NICI_w32.msi to upgrade NICI.
Start the Remote Loader instance and the driver instance.
This procedure applies only if Fanout Agent is installed on a standalone server.
NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:
Fanout Agent instance
Driver instance
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
Navigate to the <HF extracted location>\common\Windows\x86_64 directory.
Run the NICI_wx64.msi to upgrade NICI.
Start the Fanout Agent instance and the driver instance.
Log in to the server where iManager is installed.
Stop the Tomcat service.
Navigate to the location where iManager is installed. For example, <Identity Manager installed location>\IDM\iManager\Tomcat\webapps\nps\WEB-INF\bin\windows.
Back up the libeay32.dll, ssleay32.dll, openssl_checksum.txt and openssl_checksum.txt.asc files.
Download and extract the iManager-3.2.4-HF1.zip file.
Navigate to the <HF extracted location>\Windows folder.
Copy the libeay32.dll, ssleay32.dll, openssl_checksum.txt and openssl_checksum.txt.asc files to the path where iManager is installed.
For example, <Identity Manager install location>\IDM\iManager\Tomcat\webapps\nps\WEB-INF\bin\windows.
Navigate to the <HF extracted location>\Windows folder.
Run the NICI_wx64.msi file.
Start the Tomcat service.
NOTE:This procedure applies only if you are using the PostgreSQL shipped with Identity Manager and you are running PostgreSQL 12.2 or later versions.
Log in to the server where PostgreSQL is installed.
Navigate to the location where PostgreSQL is installed. For example, C:\NetIQ\IDM\postgres.
Navigate to the bin folder and back up the libeay32.dll and ssleay32.dll files.
Stop the NetIQ PostgreSQL service.
Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.
Navigate to the <HF extracted location>\common\Windows\x86_64 folder.
Copy the libeay32.dll and ssleay32.dll files to the path where PostgreSQL is installed. For example, C:\NetIQ\IDM\postgres\bin.
Start the NetIQ PostgreSQL service.
This hotfix does not contain any updates for Identity Applications.
This hotfix does not contain any updates for Identity Reporting.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Release Notes. If you need further assistance with any issue, contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
© 2021 NetIQ Corporation. All Rights Reserved.