Before upgrading Trust Protection Platform or the Server Agent

Consider the following before upgrading either Trust Protection Platform or the Server Agent.

  • If you are upgrading to the latest Server Agent from a version other than one of the supported versions, you first need to upgrade to a version on the supported upgrade path, and then upgrade to the latest version. For additional upgrade considerations, see Important Considerations before upgrading Venafi Platform.

  • RHEL server upgrades. While most users typically deploy a new OS image and then install the agent on that server, RHEL servers upgraded in place to RHEL 9+ must have the Server Agent 24.1+ installed fresh, not via in-place Server Agent upgrade. For servers running RHEL 9 or newer, Venafi Server Agent 24.1+ is required. Server Agent 24.1+ is compatible with earlier RHEL versions without any issues.

  • Server Agent upgrade and compatibility is guaranteed for two (2) years from a version's original release date according to Trust Protection Platform upgrade options. For more information, see Venafi Product Life Cycle.

  • Server Agent version numbers correspond with the Trust Protection Platform version number. For example, Server Agent version 24.1 shipped with Trust Protection Platform version 24.1. If you're not sure which version of the Server Agent is installed on a system, see Determining which version of the Server Agent is installed.
  • Verify that the features you need are supported by the Trust Protection Platform version and the Server Agent version that you are upgrading to. The following features are available on all currently-supported versions of Server Agent:

    • Agent Upgrade
    • Append file ACL on Windows when provisioning files

    • CAPI support for dynamic provisioning
    • Certificate Discovery
    • Certificate Installation in CAPI
    • Certificate Installation to a file
    • Cloud provider instance ID and region detection
    • Connectivity
    • Device Placement
    • Dynamic Provisioning

    • IIS Binding
    • iPlanet SQLite-based keystore discovery
    • Onboard Validation
    • Send full discovery results on demand
    • Set CAPI trustee during installation
    • Set file permissions on UNIX systems during installation
    • SSH Key Discovery
    • SSH Key Installation
    • SSH Key Usage
    • Validation of keystore ownership and permissions (Unix and Linux)