A MID Server upgrading to a version that includes a JRE upgrade will have the whole \agent\jre folder replaced, and that will include the \agent\jre\lib\security\cacerts file that stores all SSL certificates used by Integrations, or to connect to the instance through a proxy.
e.g. An upgrade to/past Kingston Patch 14b Hotfix 1, London Patch 8 and Madrid will replace the /agent/jre folder with a new version based on OpenJDK.
As Java 8 is no longer supported, there will have to be another upgrade of the JRE to e.g 9/10/11 at some point in the the near future.
Steps to Reproduce
- Install a Kingston MID Server, which includes the Oracle JRE
- Using keystore.exe add a certificate to \agent\jre\lib\security\cacerts
- Upgrade the MID Server to Madrid
- A new empty cacerts file will overwrite the customer's file, loosing the ability to use those certificates.
This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.
If you are aware of this problem beforehand, please move the JRE outside of the MID Server install folder(s), and then re-import your certificates:
- Stop the MID Server
- Before you upgrade look for cacerts file - backup the cacert file one level up of the JRE file
- Once upgrade is done copy the cacerts file back to its original location
If you have already lost the cacerts file, then you will need to Add SSL certificates for the MID Server again.
Related Problem: PRB1320637