Skip to main content
Skip table of contents

Upgrade Nexus OCSP Responder on Linux

This article includes updates for OCSP 6.4.1.

Prerequisites

  • For version 6.4.0 and later versions, Java Runtime Environment (64 bits) version 21 is mandatory.

  • Nexus OCSP Responder version 5.x, or later.

  • Create a backup for bin, certs, config, cils, crls and log contents before performing the upgrade.

Upgrade Nexus OCSP Responder

  1. Unpack the Nexus OCSP Responder distribution
    nexus-ocsp-linux-release-<Version>.zip

    1. Then unpack
      nexus-ocsp-linux-release-<version>\Installation\nexus-ocsp-linux-<Version>.tgz

  2. Stop the Nexus OCSP service.

    CODE 
    service nexus-ocsp stop

  3. Replace the files from nexus-ocsp-linux-<Version>.tgz.
    In <install_root>/lib:

    1. Remove all files in this directory from previous installations.

    2. Copy new jars form untarred lib folder.

    3. In <install_root>/bin:

      1. Replace all files except nexus-ocsp.conf and nexus-ocsp.sh with the new ones

  4. Version-specific instructions:

Remove legacy properties

Remove the property -Djava.library.path under JAVAFLAGS option in nexus-ocsp.conf if present.

Migrating to systemd from old SysVinit-based distributions

Remove the SysV OCSP service:

CODE 
chkconfig --del nexus-ocsp
rm /etc/init.d/nexus-ocsp

Install the systemd nexus-ocsp service by running the install.sh script (after running chmod a+x install.sh) with options -d -p -P -u -g in the unpacked distribution.

  1. Use option -h to view a description of the above options.

  2. To only install the nexus-ocsp.service, use the -d option.

Upgrading from 6.2.5 or earlier

Replace the following line in nexus-ocsp.conf:

CODE 
SERVICEARGUMENTS="-p <ocsp-config-dir>"

with 

CODE 
SERVICEARGUMENTS="-P <ocsp-config-dir>"
Upgrading from 6.3.x or earlier

If Java 21 is not installed as default Java, edit the file <install_root>/bin/nexus-ocsp.conf to add at the end of the file:

CODE 
JAVA=<path_to_bin_java_in_jre_21>

  1. Ensure the service user have execute permissions to the new files:

CODE 
chown -R ocspuser:ocspuser /opt/ocsp/

  1. Add new introduced parameters to adapt the old configuration in <install root>/conf with the new functionalities described in the release note, for each version in Nexus OCSP Responder.
    The reference configuration can be found in 
    nexus-ocsp-6.x/config/ocsp.conf in nexus-ocsp-linux-6.x.tgz.

  2. Start the Nexus OCSP service.

    CODE 
    service nexus-ocsp start

New parameters that must be added:

Nexus OCSP 6.4.1 specific parameters

The configuration parameter key.store.store.<#>.pin is now also enabled for use with PKCS #11 key stores. This is to enable support for the Utimaco CP5 HSM.
If currently having the "key.store.store.<#>.pin" parameter configured for a PKCS # 11 key store it may cause failure to login after upgrading. In such cases, the parameter may need to be removed, or the "key.store.store.<#>.tokenlabel" may need to be added.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close