Close popover

Table of Contents

Checking for revoked hotfix files for offline systems

If you do not use third-party tools to verify hotfix files for Pega Platform 8.5 or later with no outbound URL connection, you can still make sure that the Pega hotfix files have not been revoked before you install them. Check for revoked hotfix files by manually loading a certificate revocation list (CRL) to verify the certificate. Because CRLs expire frequently, you need to load the list each time before you install a hotfix.

Checking for revoked hotfix files is recommended only when you are installing hotfix files on a system that does not allow outbound URL connections and you are not using third-party tools to verify the files. This method only checks to make sure that your hotfix files have not been revoked by Pega and does not verify the signature with the digital certificate provider.
  1. Run the downloadAndPackageCRLs.sh or downloadAndPackageCRLs.bat script in the scripts directory of the distribution image, with an output directory as the only command line argument.

    ./downloadAndPackageCRLs.sh /output/directory

    The current CRLs are downloaded from the URLs embedded in the script, packaged into a CRLs.jar file, and placed in the output directory.
  2. Import the produced CRLs.jar file by using the import wizard. By default, this file is imported into the Customer code set; however, any active code set is acceptable.

    For more information, see Importing rules and data by using the Import wizard.

  3. Restart all the application servers in the cluster (or at least the ones that will be used for installing hotfixes) for the changes to take effect.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.