Knowledge Base

Solution

Note: DigiCert PKI Enterprise Gateway - Local Key Escrow and Recovery Service (LKMS) version 1.22.1 and onwards make use of Log4j v2 by default.

DigiCert PKI Enterprise Gateway - Local Key Escrow and Recovery Service (LKMS) has been updated with the below changes:

• Upgraded all third-party libraries (including Log4j) to the latest versions
• Support for Microsoft SQL Server 2017 or 2019 as a data store
  
  

Updated LKMS WAR and enterpriseLog4j properties files are uploaded within this article.

Download the 'escrow-recovery-service.war' and 'enterpriseLog4j.properties' files, and follow the below instructions to upgrade LKMS service:

1. Go to the '<Tomcat>\bin' directory
2. Run 'stop_kmsws.bat' to stop the Tomcat web server from hosting the Local Key Escrow and Recovery Service
3. Go to the '<Tomcat>\conf' directory
4. Take a backup of the 'enterpriseLog4j.properties' file
5. Place the updated 'enterpriseLog4j.properties' file
6. Go to the '<Tomcat>\webapps' directory
7. Move 'escrow-recovery-service' directory and 'escrow-recovery-service.war' file to the 'temp' directory
8. Place the updated 'escrow-recovery-service.war' file under '<Tomcat>\webapps' directory
9. Go to '<Tomcat>\bin' directory
10. Run 'start_kmsws.bat' to start the Tomcat web server hosting, the Local Key Escrow and Recovery Service
11. Verify that the service started successfully and you can enroll for an escrowed certificate and recover it. If no issues are encountered, delete the backed-up files from the 'temp' directory

SHA1(escrow-recovery-service.war) = 93f7d6751228442c45ea5b07ff11e9a22eb34c3f

If you have any queries or concerns, please contact PKI Support.