Bug #57147 MEM: Provide instructions on how to migrate custom root Certs when upgrading
Submitted: 30 Sep 2010 16:05
Modified: 7 Jun 2012 7:12
Reporter: Leandro Morgado
Status: Closed
Category: MySQL Enterprise Monitor: Documentation
Severity: S4 (Feature request)
Version: 2.2.3
OS: Any
Assigned to: Philip Olson
CPU Architecture: Any

[30 Sep 2010 16:05] Leandro Morgado
Description:
If you have custom CA root certs in your MEM monitor (for LDAP for example), they will be overwritten when you upgrade. The upgrader currently only tells you where your old and new cert bundles/keystores are, giving you no instructions on how to move them into the new keystore. This should be documented in the MEM manual, and the page shown in the upgrader warning message.

Additional info: http://bugs.mysql.com/bug.php?id=55505

How to repeat:
N/A

Suggested fix:
Add instructions to the manual and link them from the upgrader. Here is an example:

========
Assuming we only need to import 1 root CA we can issue the following command:

shell> pwd
/opt/mysql/enterprise/monitor/java/bin
shell> ./keytool -importkeystore \
    -srckeystore /opt/mysql/enterprise/monitor/backup/java/lib/security/cacerts \
    -destkeystore /opt/mysql/enterprise/monitor/java/lib/security/cacerts \
    -srcstorepass changeit -deststorepass changeit \
    -srcalias myorigrootca -destalias myrootca

The default password for keystores in Java is "changeit". Users might however have
changed it ;)

We'll always need the myorigrootca alias to extract the original root CA from the backed
up keystore. We can opt to store it in the newly installed keystore with the same alias.
========
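When the custom aliases are not known in advance, the two keystores can be compared by certificate fingerprint. The script below is an added example, not part of the original report or of the MEM upgrader, and it goes beyond the single-alias case in the report. The `KEYTOOL` and `KS_PASS` variables and the function names are assumptions, as is English-locale `keytool -list -v` output and one password shared by both keystores.

```shell
#!/bin/sh
# Added example. Paths and the default password are the ones quoted in the
# report; KEYTOOL, KS_PASS and all function names are assumptions.
KEYTOOL=${KEYTOOL:-/opt/mysql/enterprise/monitor/java/bin/keytool}
KS_PASS=${KS_PASS:-changeit}   # assumed to be the same for both keystores

# stdin: `keytool -list -v` output (English locale). $1: tag to prefix.
# stdout: one "tag<TAB>SHA1 fingerprint<TAB>alias" line per certificate.
entries() {
    awk -v tag="$1" '
        /^Alias name: / { alias = substr($0, 13) }
        /^[ \t]*SHA1: / { sub(/^[ \t]*SHA1: */, ""); print tag "\t" $0 "\t" alias }'
}

# $1/$2: files holding the old/new keystore listings. Prints each alias of
# the old keystore whose certificate fingerprint is absent from the new one.
# Comparing fingerprints ignores CAs that merely changed alias between bundles.
missing_aliases() {
    { entries N < "$2"; entries O < "$1"; } |
        awk -F '\t' '$1 == "N" { seen[$2] = 1 }
                     $1 == "O" && !($2 in seen) && !done[$3]++ { print $3 }'
}

# $1: backed-up keystore, $2: new keystore, $3: "import" to copy the entries;
# anything else only lists them so they can be reviewed first.
migrate() {
    tmp=$(mktemp -d) || return 1
    "$KEYTOOL" -list -v -keystore "$1" -storepass "$KS_PASS" > "$tmp/old" &&
    "$KEYTOOL" -list -v -keystore "$2" -storepass "$KS_PASS" > "$tmp/new" &&
    missing_aliases "$tmp/old" "$tmp/new" > "$tmp/todo" || { rm -rf "$tmp"; return 1; }
    # Read aliases on fd 3 so keytool keeps the terminal for its own prompts.
    while IFS= read -r alias <&3; do
        echo "not in new keystore: $alias"
        [ "$3" = import ] || continue
        "$KEYTOOL" -importkeystore \
            -srckeystore "$1" -destkeystore "$2" \
            -srcstorepass "$KS_PASS" -deststorepass "$KS_PASS" \
            -srcalias "$alias" -destalias "$alias"
    done 3< "$tmp/todo"
    rm -rf "$tmp"
}

# Run only when both keystore paths are given on the command line.
if [ "$#" -ge 2 ]; then migrate "$1" "$2" "${3:-}"; fi
```

The list-only default matters because the output also contains any vendor root that the new bundle dropped on purpose; review the aliases and import only the ones you added yourself.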
[7 Jun 2012 7:12] Philip Olson
This has already been fixed. Status->Closed.