How to upgrade the BCHSM Agent?

book

Article ID: 169079

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition SSL Visibility Appliance Software

Issue/Introduction

Resolution

In order to upgrade from version 1.5 to 1.6 of the BCHSM agent the recommended best practice is to  completely ‘undeploy’ the current version and then deploy the new version.  Following this procedure should not impact any existing private key material stored within the HSM.

Prerequisites
  • Download the Agent v1.6 tarball and extract its contents. (Go to the SGOS GA  or SSLv GA release download page to find the agent)
  • Do a chmod 777 on the files to make them executable.
  • SCP the files over to the SP you want to upgrade:
scp bcprov-jdk15on-150.jar [email protected]<IP address>:
scp csr.jar  [email protected]<IP address>:
scp delete.jar  [email protected]<IP address>:
scp hsm.war [email protected]<IP address>:
scp key.jar  [email protected]<IP address>:
scp ListObjects.jar [email protected]<IP address>:
scp showcert.jar [email protected]<IP address>:
scp bcpkix-jdk15on-150.jar [email protected]<IP address>:
  • Now login to the SP’s cli ‘lunash’ and issue the following… Note that to restart the services you’ll need the PED connected and the appropriate keys available
halt the services on the HSM server - spadmin halt all

Undeply the existing agent issue the following commands
spadmin undeploy -name bcpkcs
spadmin undeploy -name bcmain
spadmin undeploy -name bc_webapp
spadmin undeploy -name deleteKey
spadmin undeploy -name genKey
spadmin undeploy -name showCSR
spadmin undeploy -name showCertificate
spadmin undeploy -name listObjects


                                                       

Deploy the new agent issue the following commands on the Luna CLI.
spadmin deploy webapp -autoStart true -file hsm.war -name bc_webapp
spadmin start webService

spadmin deploy library -name bcmain -file bcprov-jdk15on-150.jar -addtocp true
spadmin deploy library -name bcpkcs -file bcpkix-jdk15on-150.jar -addtocp true
spadmin deploy application -name genKey -file key.jar -startClass GenKey -autoStart false
spadmin deploy application -name showCSR -file csr.jar -startClass GenCSR -autoStart false
spadmin deploy application -name deleteKey -file delete.jar -startClass DeleteKey -autoStart false
spadmin deploy application -name showCertificate -file showcert.jar -startClass ShowCert -autoStart false

spadmin deploy application -name listObjects -file ListObjects.jar -startClass ListObjects -autoStart false

 
At this point the files should be succesfully deployed.  To verify check version with the following command on the Luna CLI:
sp showCSR
 
You should get the following output:
Executing Bluecoat's GenCSR CLI version: 1.6_199216
Usage: java -jar GenCSR <keyLabel>
NOTE: keyLabel should be within quotes

Command Result : 0 (Success)


You may also browse to the following URL .. http://<LunaSP_IP>:8080/hsm and verify that the first line corresponds to the new version.  For example -> ‘Running Bluecoat Webserver Version: 1.6_199216