When upgrading the AdminUI, if a custom key store is used (custom SSL cert), the upgrade will overwrite it with a default key store containing a self-signed SSL cert.

Siteminder AdminUI 12.8.x

This is by design as there is currently no code in the upgrade installer to upgrade the custom key store.

-Backup the keystore file (.jks file - if unsure of the file name, reference the 'path' parameter in the Keystore line of standalone-full.xml)
-Take note of the certificate alias in the standalone-full.xml file (default is Tomcat - this is the Alias parameter value in the Keystore line)
-Perform the upgrade
-Shut down AdminUI service if running
-Restore the keystore jks file
-Update standalone-full.xml to point to the original alias and filename (path parameter)
-Restart AdminUI service

The standalone-full.xml file is in the /siteminder/adminui/standalone/configuration folder.  The keystore file is also in this folder.