Upgrade Nexus OCSP Responder on Linux
This article includes updates for Nexus OCSP Responder 6.3.0.
This article describes how to upgrade Nexus OCSP Responder on Linux.
Prerequisites
Upgrade to Nexus OCSP Responder 6.2.2 and later is only supported from version 5.x or later.
Create a backup for bin, certs, config, cils, crls and log contents before performing the upgrade.
Upgrade Nexus OCSP Responder
Unpack the Nexus OCSP Responder distribution nexus-ocsp-linux-release-6.x.zip into any desired directory.
Stop the Nexus OCSP service.
CODE» service nexus-ocsp stop
In <install_root>/lib:
Replace all jar files with the ones found in the lib directory in nexus-ocsp-linux-6.x.tgz in the unpacked distribution.
Remove all files in this directory from previous installations.
In <install_root>/bin:
Replace all files except nexus-ocsp.conf and nexus-ocsp-launchd.sh with the ones found in nexus-ocsp-linux-6.x.tgz.
If upgrading from OCSP 6.2.5 or earlier, replace the following line in nexus-ocsp.conf:
CODESERVICEARGUMENTS="-p <ocsp-config-dir>"
with
CODESERVICEARGUMENTS="-P <ocsp-config-dir>"
Remove the property "-Djava.library.path" under JAVAFLAGS option in nexus-ocsp.conf file in <install_root>/bin.
Change the file owner of the new files to the service user that executes the service.
For example:CODEchown -R ocspuser:ocspuser /opt/nexus/ocsp/
If not done in previous upgrade: Remove the SysV OCSP service:
CODE» chkconfig --del nexus-ocsp » rm /etc/init.d/nexus-ocsp
If not done in previous upgrade: Install the systemd OCSP service by running the install.sh script (after running
chmod a+x install.sh
) with options-d -p -P -u -g
in the unpacked distribution. Use option-h
to view a description of the above options.
To only install the nexus-ocsp.service, use the -d
option.
Optional: Adapt the old configuration in <install root>/conf with the new functionality, described in the release note, in Nexus OCSP Responder. The reference configuration can be found in nexus-ocsp-6.x/config/ocsp.conf in nexus-ocsp-linux-6.x.tgz.
Optional: If Java 17 is not installed as default Java:
Edit the file <install_root>/bin/ nexus-ocsp.conf
Add this line at the end of the file:
CODEJAVA=<path_to_bin_java_in_jre_17>
Start the Nexus OCSP service.
CODE// Start » service nexus-ocsp start