Info: Important considerations before upgrading to Venafi Trust Protection Platform 15.2

Applies to:

Venafi Trust Protection Platform 15.2.0


The release of Venafi Trust Protection Platform 15.2.0 brings new features likes Smart Config, which uses Server Agent Discovery and F5 Onboard Discovery to automatically configure certificates, devices, and applications within your Venafi Inventory.  Please carefully read through this Knowledgbase Article prior to upgrading. For detailed upgrade steps, please refer to the ReadMe.rtf document that is packaged with Venafi Trust Protection Platform 15.2.0.

Please carefully read through the entire list of considerations before upgrading your production environment of Venafi Trust Protection Platform to version 15.2.0

More Information on Venafi Trust Protection Platform 15.2.0 Life Cycle:

More Info:

Supported Upgrade Path

To upgrade to Venafi Trust Protection Platform 15.2.0, your current installation must be on at least Trust Protection Platform 14.1.0 or greater.  

The following table shows the supported upgrade paths. It outlines which versions of Venafi can upgrade directly to Venafi Trust Protection Platform 15.2.0, and which versions need to be updated to an intermediate version prior to the final upgrade.

Warning: It may be possible to successfully upgrade directly to Venafi Trust Protection Platform 15.2.0 on versions not outlined on the table below, but those upgrade paths have not been fully tested.***  

Note: If your environment currently has deprecated KMIP agents, your upgrade path will be different. See section KMIP Deprecation.

Current Version

Upgrade Step 

Final Version

Director 14.1.2 N/A Venafi Trust Protection
Platform 15.2.0
Trust Protection
Platform 14.2.12
N/A Venafi Trust Protection
Platform 15.2.0

Trust Protection
Platform 14.3.8

N/A Venafi Trust Protection
Platform 15.2.0

Trust Protection
Platform 14.4.5

N/A Venafi Trust Protection
Platform 15.2.0

Trust Protection
Platform 15.1.0

N/A Venafi Trust Protection
Platform 15.2.0


Important Note for SSH Customers

Due to re-architecting of the SSH product between 14.4 and 15.1, direct or automatic upgrades are not supported from 14.x.x to 15.2.0.  For customers using the SSH Product in production environments, please contact Venafi Professional Services (see for assistance with upgrades.  If you are using the SSH product in a sandbox or development environment, we recommend that you not upgrade but instead install with a clean/new database. SSH Customers using 15.1.0 can follow normal upgrade steps to upgrade to 15.2.0.

Agent Certificate Discovery

Due to changes in the configuration of work that the Venafi Server Agent does during certificate discovery, agents will stop performing certificate discovery until your Device Placement work has been configured and assigned to all applicable agents.  Certificate Discovery work also needs to be updated to have certificate placement rules applied. Agents will not start or continue certificate discovery until these two configuration items have been completed in Aperture.

Click here for more information about changes to Server Agent in 15.2:

Change in Hardware Requirements

Version 15.1.0 of the Venafi Platform brings large architecture changes in both the core platform and the User Interfaces for increased performance and scalability.  In 15.1, the product is able to support 1,000,000 certificates and 1,000,000 keys.  Increasing the amount of keys and certificates the platform and user interfaces support required a change in hardware requirements not only for the Venafi Platform servers, but also for the database servers as well.  This is because processing was optimized so that more calculations are done on the database level. Please carefully review the new Venafi Server and Database Server requirements before upgrading to 15.2.0.

15.2.0 System Requirements:

Required Version of Oracle Server and Oracle Client

Oracle 10g is no longer supported as an Oracle Server version.  The minimum required Oracle Server Version is Oracle 11g Release 2 (  The minimum required Oracle Client is ODAC 12c Release 3 (

15.1 System Requirements:

Change in Requirements for Database Service Account Permissions

Many permissions and other calculations have been moved from the Platform Server to the database server.  Because of this change, the database service account that the Venafi Platform uses now requires "Execute" permissions in addition to DataReader and DataWriter.  Please see the following two attached example scripts for assigning the correct permissions to the database service account.


IIS5 Deprecation

IIS5 has been deprecated in Venafi Trust Protection Platform 14.3.  Any IIS5 Application objects will be converted to "Basic" Application objects.  If your organization has Windows 2000 servers hosting web sites on IIS5, it is urgently suggested that you upgrade to a secure version of the Windows Server operating system that is supported by both Microsoft and Venafi.
Note: Microsoft Windows Server 2000 extended support ended on July 13, 2010 (end of life).

Supported Browsers

Venafi Trust Protection Platform 15.1 supports Internet Explorer 10 and Firefox 24 ESR and is compatible with the latest version of Google Chrome.  Unexpected behavior may occur using an unsupported browser when using any of the Venafi web consoles. Prior to upgrading your production environment to 15.2, make sure your Venafi user base has a supported or compatible browser version available to them or perform your own testing on other browsers you use. Aperture is not supported with Internet Explorer 8 and will not fully-function.

See Article: Why we deprecated Internet Explorer 8 

KMIP Deprecation

Starting in 14.3, the KMIP module has been completely removed.  If you have Venafi Agents that are using the KMIP (ex. Agent 3.2 or 3.3) DO NOT UPGRADE TO Venafi Trust Protection Platform 15.1.  The ability to upgrade agents from KMIP to REST is only available in 14.2.
Stay on 14.2 and completely migrate your Venafi Agents to the 14.2 REST agent before upgrading to Venafi Trust Protection Platform 15.1

For more information on how to upgrade from KMIP to REST agent in 14.2, see

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request