If you are upgrading from older versions prior to 6.8u5, the certificates file provided with the Java installation is overwritten during the upgrade. If you have custom certificates stored in this file (such as for an LDAP server configuration), those certificates will also be overwritten. Starting in version 6.6u1, the M&R platform software provides a new means for importing those certificates so they are not lost during the upgrade.

If you have previously imported your LDAP SSL certificates, VMware Smart Assurance recommends that you allow the upgrade to overwrite the certificates. Once this is done, you can import the certificates again using the new method (described in the "Importing custom certificates into the JRE" section of the M&R Security Configuration Guide. The new method not only survives upgrades, but also improves overall security as any changes to the default trust store that ships with Java will be reflected in your environment.

If you are unable to import the certificates using this new method, you may manually migrate the certificates, but you will not gain the benefits of the new procedure. To manually migrate the certificates, you must save the certificates file before the upgrade, and restore the file after the upgrade.


  1. To save the certificates file before the upgrade, go to this directory: ${APG INSTALL DIRECTORY}/Java/Sun-JRE/<Java version>/lib/security.
    For example, cd /opt/APG/Java/Sun-JRE/<Java version>/lib/security.
  2. Copy the cacerts file to a safe place. (Do not use the Java installation directory because it will be deleted and replaced by the new installation.)
    For example, cp cacerts /var/tmp/cacerts.