SIteminder Upgrade for vulnerability
search cancel

SIteminder Upgrade for vulnerability


Article ID: 204137


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


Please pass to Australia Support Timezone


It mentioned that I can upgrade the access gateway to 12.8 for resolving the openssl and apache vulnerability?


  Can I download below 12.8 SP04 Access Gateway


SSO Access Gateway r12.8 SP04


  To fixing the openssl and apache vulnerability , instead of using the 2 x packages provided by case 32328995 ?


  And for the upgrade,

  Currently , we have two policy servers and 2  x SPS on failover mode.


  Is followings approach ok for doing the upgrade without downtime?


  1. Stop Policy Server 02
  2. Upgrade Policy Server 02
  3. Reboot Policy Server 02
  4. Stop Policy Server 01
  5. Upgrade Policy Server 01
  6. Reboot Policy Server 01
  7. Stop SPS 01
  8. Upgrade SPS 01 and reboot
  9. Stop SPS 02
  10. Upgrade SPS 02 and reboot

  Please also sharing the upgrade documents for Siteminder Policy and SPS.

  Thanks so much.


Release : 12.8



What you suggest for upgrading the policy server is actually what we recommend:

The policy server should always be of the same or higher version than the Access Gateway you want to use with it.

Once you have upgraded the policy servers you can upgrade the access gateways one at a time:

So, your plan is a good one.