12.7.0.0 EEM upgrade fails, if the older release from which it is being upgraded from has TLS1.2 restrictions in the CA Directory configuration

 - Behavior is the same if the EEM upgrade is attempted standalone OR via AutoSys 24.1 ISO media (as part of AutoSys upgrade)

 - Existing CA Directory configuration was enforced to restrict to use TLS 1.2 protocol only via $DXHOME/config/ssld/itechpoz.dxc

protocols=tlsv12

/tmp/cawa_installer.log has an error like this:

2025-09-25 22:52:40,661 [main] DEBUG com.ca.eiam.common.os.ExecuteCommand(54) - Executing [[/tmp/713566.tmp/863380.tmp/capki4x/setup, install, caller=EEMServer]] from directory [/tmp/713566.tmp/863380.tmp/capki4x] wait [true]
2025-09-25 22:52:40,977 [main] DEBUG com.ca.eiam.common.os.ExecuteCommand(57) - Executing [[/bin/sh, -c, chown dsa:etrdir /opt/CA/SharedComponents/CADirectory/dxserver/config/ssld/itechpoz.dxc ]] wait [true]
2025-09-25 22:52:41,004 [main] INFO  com.ca.eiam.common.io.FilePermission(98) -
2025-09-25 22:52:41,012 [main] DEBUG com.ca.eiam.common.os.ExecuteCommand(54) - Executing [[/tmp/713566.tmp/863380.tmp/dxserver/install/dxsetup.sh, -responsefile, cadir.rsp]] from directory [/tmp/713566.tmp/863380.tmp/dxserver/install] wait [true]
2025-09-25 22:52:50,860 [main] DEBUG com.ca.wla.ae.installer.util.CommandUtil(130) - RetVal =253
2025-09-25 22:52:50,860 [main] INFO  com.ca.wla.ae.installer.mm.action.eem.InstallEEM(166) - EEM Upgrade exit code ...253
2025-09-25 22:52:50,860 [main] WARN  com.ca.wla.ae.installer.logger.LogHelper(52) - NonFatalException : W_AE_EEM_Failed_Installation_Error [CAUAJM_W_112133] Unable to install or upgrade the CA EEM server.

cadir_install_20250925225241.log

Thu Sep 25 10:52:41 PM UTC 2025
dxsetup
-responsefile /tmp/713566.tmp/863380.tmp/dxserver/install/cadir.rsp
============================= CURRENT INSTALLATION ============================
  No Directory DXagent detected
  No Directory Management UI detected
  Checking current install of DXserver... 14.1.04.17620
  No DXwebserver detected
============================= DXSERVER QUESTIONS ==============================
  The upgrade has detected an invalid and/or unsupported SSL protocol configuration and cannot continue.
  You must correct the SSL protocol configuration and then upgrade. Please contact CA Support for assistance.
  Installation terminated.
cd /opt/CA/SharedComponents/CADirectory/dxserver/config/ssld/
more itechpoz.dxc 
#
# eiam repository
#
set ssl = {
cert-dir = "config/ssld/personalities"
ca-file = "config/ssld/itechpoz-trusted.pem"
protocol = tlsv12v12
};

• TLS 1.2 protocol is being made a mandatory requirement as part of the EEM 12.7.0.0 upgrade
• Note: Problem only happens with 12.7.0.0  release if an upgrade of an existing EEM is being done where existing CA Directory was restricted to TLS 1.2 protocol
• To enforce this, the EEM upgrade process appends an additional string "v12"  at the end of existing  $DXHOME/config/ssld/itechpoz.dxc  ->  protocols=tls
• If existing  $DXHOME/config/ssld/itechpoz.dxc   already has     protocols=tlsv12    the upgrade incorrectly appends another v12 at the end, making it:    protocols=tlsv12v12   (which is an invalid protocol for CA Directory).  This makes the EEM upgrade process fail