Upgrade adoptOpenJDK java in ENTM/DS

book

Article ID: 209558

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

When installing AdoptOpenJDK together with PAM SC ENTM, version 1.8.0_212 is installed

 

>java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b04, mixed mode)

Whereas the lates 1.8 version available is 1.8.0_282, which contains several security fixes.

This article describes how to upgrade to the latest available 1.8.0 version.

Environment

PAM SC 14.0. PIM 14.0, ControlMinder 12.8 SP1 and PIM 12.9. All platforms and versions using AdoptopenJdK 

Resolution

This is not a certified process but basically within the same minor version the changes will be small compared to the existing version, so upgrade should work.

As a rule of thumb, upgrading builds within java versions (e.g. from adoptopenjdk build 1.8.0_212-b04 to build 1.8.0_282-b04) is supported and should work. However, take into consideration what follows.

The problem here is that when the product is installed on a server several variables such a path, name of binaries, etc reference the original java installation. So if the latest AdoptOpenJDK is installed to its own directories and made to configure its own path, jboss will fail to start because it will be looking in the wrong place

The solution is to make a copy of the old adoptopenjdk directory (e.g. C:\AdoptOpenJDK) and install  the lastest adoptopenjdk package  in the same folder as used initially by the original installation (for instance as mentioned C:\AdoptOpenJDK),  and reboot.

Additionally  RC4 in .\jdk1.8.0\jre\lib\security\java.security as specified in

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-identity-manager/14-0/implementing/install-the-enterprise-management-server/install-the-tibco-message-queue.html

That shoud allow application to work normally.

You can verify that indeed the lasted AdoptOpenJDK is the latest one by runing java -version at any command prompt.