How to Migrate Access Point from OpenJDK 8 to OpenJDK 11?

Starting from version 1.3.0 the Harmony Access Point uses OpenJDK 11 for new installations by default. Versions prior to version 1.3.0 support only OpenJDK 8.

When upgrading to version 1.3.0 from an older version, the Java runtime version isn't updated automatically during the Access Point version upgrade. Instead, a manual migration is required. First, upgrade the Harmony Access Point to version 1.3.0 or later and then complete the following steps described in this article.

 Instructions

Please follow the steps below to complete the migration.

1. Stop the Access Point.

   1. sudo systemctl stop harmony-ap

2. Install OpenJDK 11.

   1. sudo apt install openjdk-11-jre-headless

3. Remove OpenJDK 8.

   1. sudo apt remove openjdk-8-jre-headless

4. Rename existing keystore and truststore files.

   1. sudo mv /etc/harmony-ap/ap-keystore.jks /etc/harmony-ap/ap-keystore.jks.BACKUP sudo mv /etc/harmony-ap/tls-keystore.jks /etc/harmony-ap/tls-keystore.jks.BACKUP sudo mv /etc/harmony-ap/ap-truststore.jks /etc/harmony-ap/ap-truststore.jks.BACKUP sudo mv /etc/harmony-ap/tls-truststore.jks /etc/harmony-ap/tls-truststore.jks.BACKUP

5. Get the passwords of the keystores and trustores from Harmony configuration files. The locations of different passwords are explained in the Access Point Installation Guide.

6. Regenerate keystores and truststores with the keystore.pkcs12.legacy property. Replace the <ap_keystore_password>, <tls_keystore_password>, <ap_truststore_password> and <tls_truststore_password> placeholders with the existing passwords copied from the configuration files.

   1. sudo keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore /etc/harmony-ap/ap-keystore.jks.BACKUP -srcstorepass <ap_keystore_password> -destkeystore /etc/harmony-ap/ap-keystore.jks -storepass <ap_keystore_password> -srcstoretype PKCS12 -deststoretype PKCS12 sudo keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore /etc/harmony-ap/tls-keystore.jks.BACKUP -srcstorepass <tls_keystore_password> -destkeystore /etc/harmony-ap/tls-keystore.jks -storepass <tls_keystore_password> -srcstoretype PKCS12 -deststoretype PKCS12 sudo keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore /etc/harmony-ap/ap-truststore.jks.BACKUP -srcstorepass <ap_truststore_password> -destkeystore /etc/harmony-ap/ap-truststore.jks -storepass <ap_truststore_password> -srcstoretype PKCS12 -deststoretype PKCS12 sudo keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore /etc/harmony-ap/tls-truststore.jks.BACKUP -srcstorepass <tls_truststore_password> -destkeystore /etc/harmony-ap/tls-truststore.jks -storepass <tls_truststore_password> -srcstoretype PKCS12 -deststoretype PKCS12

7. Set file permissions of the regenerated keystores and truststores.

   1. sudo chown harmony-ap:harmony-ap /etc/harmony-ap/ap-keystore.jks sudo chmod 0751 /etc/harmony-ap/ap-keystore.jks sudo chown harmony-ap:harmony-ap /etc/harmony-ap/tls-keystore.jks sudo chmod 0751 /etc/harmony-ap/tls-keystore.jks sudo chown harmony-ap:harmony-ap /etc/harmony-ap/ap-truststore.jks sudo chmod 0751 /etc/harmony-ap/ap-truststore.jks sudo chown harmony-ap:harmony-ap /etc/harmony-ap/tls-truststore.jks sudo chmod 0751 /etc/harmony-ap/tls-truststore.jks

8. Restart the Access Point.

   1. sudo systemctl start harmony-ap

9. Send a test message to see that everything works.

10. Remove the keystore and truststore backup files.

    1. sudo rm -f /etc/harmony-ap/ap-keystore.jks.BACKUP sudo rm -f /etc/harmony-ap/tls-keystore.jks.BACKUP sudo rm -f /etc/harmony-ap/ap-truststore.jks.BACKUP sudo rm -f /etc/harmony-ap/tls-truststore.jks.BACKUP

 Related articles