New Features and Changes in Cloudera Navigator Key Trustee Server

An issue has been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.15.0.

An issue has been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.14.0.

An issue has been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.13.0.

An issue has been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.10.1.

• Key Trustee Server supports RHEL 7.3.
• Key Trustee Server supports OEL 6.8, 7.2, and 7.3.
• Key Trustee Server supports modifying the supported ciphers and protocols for TLS.

• Key Trustee Server supports RHEL 6.8.
• Running the Key Trustee Server backup script now backs up necessary hardware security module (HSM) configuration files.
• Key Trustee Server supports rolling restart in Cloudera Manager.

• When adding the parcel-based Key Trustee Server service for the first time, Cloudera Manager automatically backs up Key Trustee Server locally and schedules ongoing hourly local backups using cron. For more information, see 6. Add a Key Trustee Server Service.
• The Key Trustee Server backup script (ktbackup.sh) adds a new option, --roll, which specifies the number of backups to retain. For more information, see Backing Up Key Trustee Server and Key Trustee KMS Using the ktbackup.sh Script.

An issue has also been fixed. For more information, see Issues Fixed in Cloudera Navigator Key Trustee Server 5.8.0.

• A backup script (ktbackup.sh) is included with Key Trustee Server. See Backing Up and Restoring Key Trustee Server and Clients for more information.
• Parcel-based Key Trustee Server logs an error message at startup if the keytrustee.conf file is malformed.
• Error logging is improved for connection and certificate errors with Key Trustee Server connecting to Key HSM.

A number of issues have also been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.7.0.

• The ktadmin command has a new --passphrase option to allow migration of existing keys from a Key Trustee Server with a password-protected private key to an HSM. See Integrating Key HSM with Key Trustee Server for more information.

An issue has also been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.5.2.

• Key Trustee Server supports RHEL 7.
• Key Trustee Server supports password-protected SSL certificates.
• TLS/SSL certificate file paths are configurable in Cloudera Manager.

A number of issues have also been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.5.0.

An issue has been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.4.9.

A number of issues have been fixed. See Issues Fixed in Cloudera Navigator Key Trustee Server 5.4.3.

• Key Trustee Server can be installed and managed using Cloudera Manager. See Installing Cloudera Navigator Key Trustee Server for more information.
• Existing keys stored in Key Trustee Server can be migrated to a Hardware Security Module (HSM) using Navigator Key HSM. See Integrating Key HSM with Key Trustee Server for more information.

• Attempting to start the keytrusteed service using the service command when Key Trustee Server is already running now reports success with a message indicating that the service is already running.

The ktadmin keyhsm command can be used to update Key Trustee Server certificate information for Key HSM

The ktadmin keyhsm command can be used to update Key Trustee Server certificate information for Key HSM instead of manually modifying keytrustee.conf. See Integrating Key HSM with Key Trustee Server for more information.

Key Trustee Server can be installed using Cloudera Manager without a CSD

Key Trustee Server no longer requires a Custom Service Descriptor (CSD) file.

All processes run as a single user

All Key Trustee Server processes now run as a single non-root user (keytrustee by default).

Key Trustee Server processes use a single port

Key Trustee Server processes (with the exception of the backing PostgreSQL database) now use a single port (11371 by default). See Upgrading Cloudera Navigator Key Trustee Server for more information.