Adobe Connect Support Blog

On-premise Adobe Connect Server Updaters may Overwrite the Cacerts Keystore and cause LDAPS to Fail


Some of the Adobe Connect on-premise server updaters contain an update to the Tomcat application server. A Tomcat version update overwrites all of the configuration files under it, so after upgrading Tomcat you must restore any of those files that you have edited. Not all the Adobe Connect on-premise updaters contain updates to Tomcat. Here is an example (11.4.7) that does:

Changes made when updating Tomcat may be broader than just the cacerts keystore, but the keystore being overwritten is always something that customers running LDAPS need to consider when applying an updater or upgrade.

Re-importing the certificates into the keystore is one solution, but it is far easier to copy the working keystore from the server itself. Before running the updater, simply back up the cacerts directory, and restore it after applying the updater:

\Connect\11.x\jre\lib\security\cacerts
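The backup-and-restore step above can be scripted so that you also know whether the updater actually replaced the keystore. The following PowerShell is an added example, not Adobe tooling; the parameter names, the backup file names and the `.from-updater` suffix are assumptions, and it assumes `cacerts` at the path above is the keystore file.

```powershell
# Added example (not from Adobe): back up, verify and restore the Connect JRE truststore.
param(
    [Parameter(Mandatory)] [ValidateSet('Backup', 'Verify', 'Restore')] [string]$Action,
    # Full path on this server to ...\Connect\11.x\jre\lib\security\cacerts
    [Parameter(Mandatory)] [string]$Cacerts,
    # Folder outside the Connect install tree, so the updater cannot overwrite it
    [Parameter(Mandatory)] [string]$BackupDir
)
$ErrorActionPreference = 'Stop'
$saved    = Join-Path $BackupDir 'cacerts.pre-update'         # assumed file name
$hashFile = Join-Path $BackupDir 'cacerts.pre-update.sha256'  # assumed file name

function Get-Sha256([string]$Path) { (Get-FileHash -Path $Path -Algorithm SHA256).Hash }

switch ($Action) {
    'Backup' {
        # Run BEFORE the updater: copy the working keystore and record its hash.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        Copy-Item -Path $Cacerts -Destination $saved -Force
        Get-Sha256 $saved | Set-Content -Path $hashFile -Encoding ascii
        Write-Output "Saved $Cacerts (SHA-256 $(Get-Sha256 $saved))"
    }
    'Verify' {
        # Run AFTER the updater: a changed hash means the keystore was overwritten.
        $expected = (Get-Content -Path $hashFile -TotalCount 1).Trim()
        if ((Get-Sha256 $Cacerts) -eq $expected) {
            Write-Output 'cacerts is unchanged; no restore needed.'
        } else {
            Write-Output 'cacerts was replaced by the updater; run -Action Restore.'
        }
    }
    'Restore' {
        $expected = (Get-Content -Path $hashFile -TotalCount 1).Trim()
        # Refuse to restore a backup that no longer matches what was recorded.
        if ((Get-Sha256 $saved) -ne $expected) {
            throw "Backup $saved does not match the recorded hash; not restoring."
        }
        # Keep the updater's keystore beside the restored one for comparison.
        Copy-Item -Path $Cacerts -Destination "$Cacerts.from-updater" -Force
        Copy-Item -Path $saved -Destination $Cacerts -Force
        if ((Get-Sha256 $Cacerts) -ne $expected) { throw 'Restore failed hash check.' }
        Write-Output "Restored $Cacerts from $saved"
    }
}
```

Restoring the saved file replaces everything the updater shipped in `cacerts`, which is why the script keeps the updater's copy alongside it.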

The technote for setting up LDAPS is here: Configure Connect Directory Services to use LDAPS

Overwriting the keystore may also affect other secure functions. See the following technotes for further reference:

Connect on-premise: Event Emails may fail to be sent

Troubleshooting On-premise Telephony SSL Handshake

Configuring Secure SQL with Connect

SSL Configuration Checklist for Connect with AEM-based Events
