Upgrade with TLS without Peer Verification
This process upgrades the following Tenable Identity Exposure components with custom TLS and without peer verification. It requires the "Expert mode" setting in the installation wizard.
Order of Upgrade
Upgrade the components in the following order:
After you upgrade the components, restart the machines in the following order:
- Storage Manager
- Security Engine Node
- Directory Listener

- On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Directory Listener component based on the previous installation. Click Next.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
- Click Next.
  The TLS certificates window appears.
- Nothing is required on this screen. Click Next.
  The Security Engine Node window appears.
- In the IP box for RabbitMQ, the installer shows the address or host name of the SEN machine based on your previous installation. Check that this information is still valid, and correct it if necessary.
- Click Next.
  The Directory Listener window appears.
- In the Subnets box, type the subnet address for the Directory Listener. For multiple subnets, use a comma to separate the addresses.
- Click Next.
  The Ready to Install window appears.
- Click Install to begin the upgrade.
  After the upgrade completes, the Completing the Tenable.ad Setup Wizard window appears.
- Click Finish.
  A dialog box asks you to restart your machine.
- Click No.
  Caution: Do NOT reboot the server now.
- Upgrade the Security Engine Node (SEN).

- On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Select the Expert Mode checkbox.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Security Engine Node feature based on the previous installation. Click Next.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
  Caution: Remember to update the Event Logs Storage IP or host name address during this step. Failing to do so leads to attack detection issues. If you have successfully completed this screen and upgraded the SEN, you must update the environment variables for ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host and ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host from the current value to the accurate value for <Storage Manager host name or IP address>. For more information, see the Troubleshooting knowledge base article.
- Click Next.
  The TLS certificates window appears.
- Provide the following information:
  - In the Server PFX Archive box, click ... to browse to your PFX archive.
  - In the PFX Password box, type the password for the PFX file.
  - In the CA Cert File box, click ... to browse to your CA certificate file.
- Click Next.
  The Storage Manager window appears.
- The installer shows the IP address or host name of your MSSQL database from your previous installation. Check that it is still valid, and correct it if necessary. Click Next.
  Note: If you changed the SA password since the previous installation, the installer requires it to follow the syntax described in Strong Passwords for the SQL Server.
  Caution: Remember to update the Event Logs Storage IP or host name address during this step. Failing to do so leads to attack detection issues. If you have successfully completed this screen and upgraded the SEN, you must update the environment variables for ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host and ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host from the current value to the accurate value for <Storage Manager host name or IP address>. For more information, see the Troubleshooting knowledge base article.
- Click Next.
  The Security Engine Node window appears.
- In the DNS name or IP box, the installer shows the IP address of the web server that end users type to access Tenable Identity Exposure from your previous installation. Check that it is still valid, and correct it if necessary.
  Note: By default, the installation process creates a self-signed certificate with the DNS name or the IP address that you entered. For more information, see Change the IIS Certificate.
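
The Caution in the SEN procedure names two environment variables that must point at the Storage Manager, and a stale value degrades attack detection. The following PowerShell check is an added example, not part of Tenable's documentation or tooling: it reads both variables and compares them with the host you expect. It assumes the variables are set at machine scope; the -ExpectedHost parameter and the Resolve-HostAddress helper are names introduced for this example.

```powershell
# Added example (not Tenable code): check the Event Logs Storage host variables on the SEN.
# Assumptions: the variables are set at machine scope; $ExpectedHost and
# Resolve-HostAddress are names introduced for this example.
param(
    [Parameter(Mandatory)]
    [string]$ExpectedHost   # your Storage Manager host name or IP address
)

$names = @(
    'ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host',
    'ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host'
)

# Resolve a host name or IP to its addresses; return nothing if resolution fails.
function Resolve-HostAddress([string]$HostOrIp) {
    try {
        [System.Net.Dns]::GetHostAddresses($HostOrIp) |
            ForEach-Object { $_.IPAddressToString }
    } catch { }
}

$expectedIps = @(Resolve-HostAddress $ExpectedHost)

$results = foreach ($name in $names) {
    $value = [Environment]::GetEnvironmentVariable($name, 'Machine')
    # A value passes if it equals the expected host or resolves to one of its addresses.
    $status = if ([string]::IsNullOrWhiteSpace($value)) {
        'Missing'
    } elseif ($value -ieq $ExpectedHost) {
        'OK'
    } elseif (@(Resolve-HostAddress $value | Where-Object { $expectedIps -contains $_ }).Count -gt 0) {
        'OK (resolves to the same address)'
    } else {
        'Mismatch'
    }
    [pscustomobject]@{ Variable = $name; Current = $value; Status = $status }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets a post-upgrade checklist or script fail on a stale value.
if (@($results | Where-Object { $_.Status -in 'Missing', 'Mismatch' }).Count -gt 0) { exit 1 }
```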

- On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
  A welcome screen appears.
- In the setup language box, click the arrow to select the language for the installation, and click Next.
  The Setup Wizard appears.
- Click Next.
  The Custom Setup window appears.
- The installation program automatically preselects the Storage Manager component based on the previous installation. Click Next.
- (Optional) Click Browse to change the installation folder location. Change only the drive letter.
  The TLS Options window appears.
- Select the TLS with custom certificates without peer verification option.
- Click Next.
  The TLS certificates window appears.
- Provide the following information:
  - In the Server PFX Archive box, click ... to browse to your PFX archive.
  - In the PFX Password box, type the password for the PFX file.
- Click Next.
  The Storage Manager window appears.
- The installer reuses the information from your previous installation. Click Next.
  Note: If you changed the SA password since the previous installation, the installer requires it to follow the syntax described in Strong Passwords for the SQL Server.
- Click Install to begin the upgrade.
  After the upgrade completes, the Completing the Tenable.ad Setup Wizard window appears.
- Click Finish.
  A dialog box asks you to restart your machine.
- Click Yes.
  The machine restarts.