Before you upgrade
Fulfill these requirements before upgrading Directory Services software, especially before upgrading the software in a production environment. Also refer to the requirements listed in release notes.
DS software supports the following Java environments:
OpenJDK, including OpenJDK-based distributions:
ForgeRock tests most extensively with AdoptOpenJDK/Eclipse Temurin.
ForgeRock recommends using the HotSpot JVM.
(1) DS requires Java 11.0.6 or later. Earlier Java 11 updates lack required cryptography fixes.
TLS 1.3 with PKCS#11 requires Java 11.0.8 or later.
Encrypting data at rest with the
ChaCha20-Poly1305ciphers and compatibility with third-party cryptographic tools require Java 11.0.12 or later.
(2) DS requires Java 17.0.3 or later. Earlier Java 17 updates lack required cryptography fixes.
TLS cipher support depends solely on the JVM. For details, refer to TLS settings.
|Always use a JVM with the latest security fixes.|
If the server uses an older version that is no longer supported, install a newer Java version before upgrading.
To enable the server to use the newer Java version,
default.java-home setting in the
Perform the upgrade procedure as the user who owns the server files.
Make sure you have the credentials to run commands as this user.
Back up first
Before upgrading, perform a full file system backup of the current server so that you can revert on failure. Make sure you stop the directory server and back up the file system directory where the current server is installed.
Backup archives are not guaranteed to be compatible across major and minor server releases. Restore backups only on directory servers of the same major or minor version.