Upgrading Cloudera Navigator Key Trustee Server 7.1.x
How to upgrade Cloudera Navigator Key Trustee Server 7.1.x.
You must create an internal repository to install or upgrade the Cloudera Navigator
data encryption components. For instructions on creating internal repositories, see
the following topic:
From CDP Private Cloud Base 7.1.6, the KEYTRUSTEE_SERVER parcel is available in the same location in which the Cloudera runtime parcel is placed. If you have configured the parcel repository for CDP Private Cloud Base upgrade, the KEYTRUSTEE_SERVER parcel is displayed automatically.
Upgrading Cloudera Navigator Key Trustee Server 7.1.x Using Cloudera Manager
Minimum Required Role: Cluster Administrator (also provided by Full Administrator)
- Stop the KTS service from CM.
- Navigate to the location /var/lib/keytrustee/.keytrustee/.ssl/
cd /var/lib/keytrustee/.keytrustee/.ssl/
- Back up the cert files ssl-cert-keytrustee-pk.pem and ssl-cert-keytrustee.pem:
mv ssl-cert-keytrustee-pk.pem ssl-cert-keytrustee-pk_backup.pem
mv ssl-cert-keytrustee.pem ssl-cert-keytrustee_backup.pem
- Regenerate the cert file using the following command:
ktadmin init
- Configure the keyhsm to trust the new cert file.
keyhsm trust /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee.pem
- For testing and validation, execute the following command:
curl -vk https://$(hostname -f):11371/test_hsm
- Start the KTS service from CM.
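
The backup and regeneration steps above, wrapped with safety checks, as an added example that is not part of the Cloudera documentation. The function names `backup_kts_certs` and `verify_regenerated_certs` are hypothetical, and the private-key permission check is an addition the page does not describe.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, file names are the page's.
SSL_DIR_DEFAULT=/var/lib/keytrustee/.keytrustee/.ssl

# Rename the key and certificate to the page's *_backup.pem names.
# Changes nothing if a source file is missing or a backup already exists,
# so a second run cannot overwrite the first backup.
backup_kts_certs() {
  local dir="${1:-$SSL_DIR_DEFAULT}" base
  for base in ssl-cert-keytrustee-pk ssl-cert-keytrustee; do
    [ -s "$dir/$base.pem" ] || { echo "missing: $dir/$base.pem" >&2; return 1; }
    [ ! -e "$dir/${base}_backup.pem" ] || {
      echo "backup exists: $dir/${base}_backup.pem" >&2; return 2; }
  done
  for base in ssl-cert-keytrustee-pk ssl-cert-keytrustee; do
    mv -- "$dir/$base.pem" "$dir/${base}_backup.pem" || return 3
  done
}

# Run after `ktadmin init`: confirm both files were recreated, differ from
# the backups, and that the private key is readable by its owner only.
verify_regenerated_certs() {
  local dir="${1:-$SSL_DIR_DEFAULT}" base mode
  for base in ssl-cert-keytrustee-pk ssl-cert-keytrustee; do
    [ -s "$dir/$base.pem" ] || { echo "not regenerated: $base.pem" >&2; return 1; }
    if cmp -s "$dir/$base.pem" "$dir/${base}_backup.pem"; then
      echo "unchanged from backup: $base.pem" >&2; return 2
    fi
  done
  mode=$(stat -c '%a' "$dir/ssl-cert-keytrustee-pk.pem") || return 3
  case $mode in
    *00) ;;  # owner-only, for example 600 or 400
    *) echo "private key mode $mode is too permissive" >&2; return 4 ;;
  esac
}
```

Call `backup_kts_certs` in place of the two `mv` commands and `verify_regenerated_certs` before running `keyhsm trust`; both accept the directory as an optional argument.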