Upgrade with TLS without Peer Verification
This process upgrades the following Tenable Identity Exposure components with custom TLS and without peer verification. It requires the "Expert mode" setting in the installation wizard.
Order of Upgrade
Upgrade the components in the following order:
After you upgrade the components, restart the machines in the following order:
- Storage Manager
- Security Engine Node
- Directory Listener
- On the local machine, run the installation file Tenable.ad_v3.59.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Directory Listener component based on the previous installation. Click Next.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
- Click Next.
  The TLS certificates window appears.
- Provide the following information:
- Click Next.
  The Security Engine Node window appears.
- In the Host box for RabbitMQ, the installer shows the address or hostname of the SEN machine based on your previous installation. Check that this information remains valid and correct if necessary.
- Click Next.
  The Directory Listener window appears.
- You have two options to install the Secure Relay on this Directory Listener:
  - Yes — After this installation completes, it launches the installer for the Secure Relay, which requires a linking key located in the Tenable Identity Exposure user interface under "Configuration > Relay". (See Secure Relay in the Tenable Identity Exposure Administrator Guide for more information.)
  - No — A message shows you the location of the Secure Relay installer to install it at a later time.
- Click Next.
  The Ready to Install window appears.
- Click Install to begin the upgrade.
  After the upgrade completes, the Completing the Tenable.ad Setup Wizard window appears.
- Click Finish.
  A dialog box asks you to restart your machine.
- Click No.
  Caution: Do NOT reboot the server now.
- Upgrade the Security Engine Node (SEN).
- On the local machine, run the installation file Tenable.ad_v3.59.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Select the Expert Mode checkbox.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Security Engine Node feature based on the previous installation. Click Next.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
  Caution: Remember to update the Event Logs Storage IP or hostname address during this step. Failing to do so leads to attack detection issues. If you have successfully completed this screen and upgraded the SEN, you must update the environment variables for ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host and ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host from the current value to the accurate value for <Storage Manager hostname or IP address>. For more information, see the Troubleshooting knowledge base article.
- Click Next.
  The TLS certificates window appears.
- Provide the following information:
  - In the Server PFX Archive box, click ... to browse to your PFX archive.
  - In the PFX Password box, type the password for the PFX file.
  - In the CA Cert File box, click ... to browse to your CA certificate file.
- Click Next.
  The Storage Manager window appears.
- The installer shows the IP address or hostname of your MSSQL database from your previous installation. Check that it remains valid and correct if necessary. Click Next.
  Note: If you changed the SA password since the previous installation, the installer requires it to follow the syntax described in Strong Passwords for the SQL Server.
  Caution: Remember to update the Event Logs Storage IP or hostname address during this step. Failing to do so leads to attack detection issues. If you have successfully completed this screen and upgraded the SEN, you must update the environment variables for ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host and ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host from the current value to the accurate value for <Storage Manager hostname or IP address>. For more information, see the Troubleshooting knowledge base article.
- Click Next.
  The Security Engine Node window appears.
- In the DNS name or IP box, the installer shows the IP address of the web server that end users type to access Tenable Identity Exposure from your previous installation. Check that this remains valid and correct if necessary.
  Note: By default, the installation process creates a self-signed certificate with the DNS name or the IP address that you entered. For more information, see Change the IIS Certificate.
- Click Next.
  The Directory Listener window appears.
- In the Ceti box, type the IP address or configured FQDN for the machine hosting the service in charge of the initial collection of AD objects (crawling) and of subscribing to replication flows.
- Click Next.
  The Ready to Install window appears.
- On the local machine, run the installation file Tenable.ad_v3.59.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Storage Manager component based on the previous installation. Click Next.
- (Optional) Click Browse to change the installation folder location. Change only the drive letter.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
- Click Next.
  The TLS certificates window appears.
- Provide the following information:
  - In the Server PFX Archive box, click ... to browse to your PFX archive.
  - In the PFX Password box, type the password for the PFX file.
- Click Next.
  The Storage Manager window appears.
- The installer reuses the information from your previous installation. Click Next.
  Note: If you changed the SA password since the previous installation, the installer requires it to follow the syntax described in Strong Passwords for the SQL Server.
- Click Install to begin the upgrade.
  After the upgrade completes, the Completing the Tenable.ad Setup Wizard window appears.
- Click Finish.
  A dialog box asks you to restart your machine.
- Click Yes.
  The machine restarts.
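A check for the two Event Logs Storage variables named in the Caution on the SEN procedure, to run on the SEN machine after its upgrade. This is an added example, not Tenable code; it assumes the variables are stored at Machine scope and hold a bare hostname or IP address, and the `-Fix` switch and parameter name are choices made for this example.

```powershell
# Added example (not from the Tenable documentation).
# Assumption: both variables are machine-level environment variables.
param(
    [Parameter(Mandatory)] [string] $StorageManagerHost,  # <Storage Manager hostname or IP address>
    [switch] $Fix                                         # rewrite mismatched values (needs an elevated shell)
)

$names = @(
    'ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host',
    'ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host'
)
$expected = $StorageManagerHost.Trim()

$report = foreach ($name in $names) {
    $current = [Environment]::GetEnvironmentVariable($name, 'Machine')
    # Host names are case-insensitive; a missing variable never matches.
    $match = $current -and ($current.Trim() -ieq $expected)

    if (-not $match -and $Fix) {
        [Environment]::SetEnvironmentVariable($name, $expected, 'Machine')
    }

    [pscustomobject]@{
        Variable = $name
        Current  = $current
        Expected = $expected
        Status   = if ($match) { 'OK' }
                   elseif ($Fix) { 'Updated' }
                   elseif ($null -eq $current) { 'Missing' }
                   else { 'Mismatch' }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit lets a deployment script stop before the restart sequence.
if (-not $Fix -and ($report.Status -ne 'OK')) { exit 1 }
```

Running services keep the environment they started with, so an updated value takes effect only after the restart sequence listed at the top of this page.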
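A pre-flight check of the files requested in the TLS certificates window (Server PFX Archive, PFX Password, CA Cert File), to run before starting the installer. This is an added example, not Tenable code; the parameter names and the 30-day validity threshold are assumptions made for this example.

```powershell
# Added example (not from the Tenable documentation). Paths and threshold are assumptions.
param(
    [Parameter(Mandatory)] [string] $PfxPath,     # value for "Server PFX Archive"
    [Parameter(Mandatory)] [string] $CaCertPath,  # value for "CA Cert File" (PEM or DER)
    [int] $MinDaysValid = 30
)
$X509 = 'System.Security.Cryptography.X509Certificates'
$pfxPassword = Read-Host -Prompt 'PFX Password' -AsSecureString

# .NET resolves relative paths against the process directory, so resolve them first.
$pfxFile = (Resolve-Path $PfxPath).Path
$caFile  = (Resolve-Path $CaCertPath).Path

# Throws here if the password is wrong or the archive is unreadable.
$server = New-Object "$X509.X509Certificate2" -ArgumentList $pfxFile, $pfxPassword
$ca     = New-Object "$X509.X509Certificate2" -ArgumentList $caFile

# Build the chain with the supplied CA as a candidate issuer; the CA does not
# have to be in the Windows trust store for this check.
$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode    = 'NoCheck'   # offline check only
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void] $chain.ChainPolicy.ExtraStore.Add($ca)
[void] $chain.Build($server)

$chainsToCa = [bool] ($chain.ChainElements |
    Where-Object { $_.Certificate.Thumbprint -eq $ca.Thumbprint })
$problems = @($chain.ChainStatus |
    Where-Object { $_.Status -ne 'UntrustedRoot' } |
    ForEach-Object { $_.Status })
$daysLeft = [int] ($server.NotAfter - (Get-Date)).TotalDays

$result = [pscustomobject]@{
    Subject       = $server.Subject
    HasPrivateKey = $server.HasPrivateKey   # a server PFX without its key is unusable
    NotAfter      = $server.NotAfter
    DaysLeft      = $daysLeft
    ChainsToCa    = $chainsToCa             # supplied CA appears in the built chain
    ChainProblems = $problems -join ', '    # e.g. NotTimeValid, NotSignatureValid
}
$server.Reset(); $ca.Reset()                # release key material held in memory
$result | Format-List

$ok = $result.HasPrivateKey -and $chainsToCa -and ($daysLeft -ge $MinDaysValid) -and -not $problems
if (-not $ok) { exit 1 }
```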