PKI Hub supports the following version upgrades.

Creating the cluster database

The following upgrades require creating a database.

As explained in Starting up the database, you can alternatively:

• Use a third‑party database that meets the PKI Hub third-party database requirements. You can create a new one or select the one you were already using for a deployed solution, such as Certificate Authority or Certificate Hub.
• Download and install PKI DB Appliance.

If you are upgrading from CSP 1.3.0 PKI Hub 1.4.0, you do not need to create a cluster database, as the upgraded system will use the existing database.

Upgrade process

See below for how to run the upgrade process.

To upgrade to CSP 1.4.0 PKI Hub 1.5.0

1. Follow the steps in Downloading the installation files to download the following file: 

   Cryptographic Security Platform 1.4 - PKI Hub 1.5 for VMWare vSphere, Hyper-V and Nutanix

    You need this ISO image file to upgrade any installation, ISO-based or non-ISO-based. ​

2. Back up the installation state as explained in section Backing up PKI Hub of the CSP 1.3.0 PKI Hub 1.4.0 guide.
3. Repeat the following steps on each PKI Hub node sequentially, ensuring that the steps are not performed on different nodes simultaneously. 
   1. Use an SFTP client to copy the PKI Hub ISO image file to the /home/sysadmin node folder. 
   2. Run the clusterctl upgrade command and wait for it to complete (around 2 hours) before proceeding to the next node.
4. Reboot each node sequentially, with at least 15 minutes before each reboot.
5. Back up the installation state as explained in section Backing up PKI Hub of this guide.

User roles after the upgrade

After completing the upgrade from CSP 1.2.0 PKI Hub 1.3.0 or CSP 1.2.1 PKI Hub 1.3.1, users who previously held the following discontinued roles are assigned the new IdpRole role.

• Manage Users
• Manage Roles
• Manage Identity Providers

Upgrades from Cryptographic Security Platform 1.3.0 - PKI Hub 1.4.0 do not alter role assignment.