Managing Container Identity Across Upgrades

Overview of the steps needed to correctly set up your container identity when upgrading to a new version of the platform.


Table of Contents


Overview

The upgrade instructions step you through the manual process of upgrading by:

  1. Installing the latest version of the product and creating new containers, but connecting to the existing database.
  2. Moving over the properties and settings from a container in your installation of the earlier version, to a new container.

When you configure a new container to replicate an existing container, as in #2 above, you must set up the identity of the new container to match the identity of the previous container. Then, the new container will perform the same role in your new installation as the previous container did in the earlier installation, and the identity is recognized.

The container identity is represented by the container certificate.

When you're creating a new container, for example during installation, you can use the platform's certificate generation capabilities to generate a self-signed certificate. However, it's best to use an external certificate, for these reasons:

Updating the container identity as part of the upgrade process

It's best to:

  1. Generate keys and certificates outside the platform using an external tool such as Java keytool, with a recognized Certificate Authority and chain of trust. You will be uploading a .JKS or .P12 file.
  2. Store your keys and certificates in a secure location.
  3. After creating your container, upload your keys and certificate (JKS or P12 file) to the new container. In the Akana Administration Console for the container:

    Go to Configuration > Manage PKI Keys and choose Import Private Key & X.509 Certificate. For detailed instructions, see Manage PKI Keys.

    Note: This is covered in the upgrade instructions.

When it's time to upgrade, create the new container and upload the same keys and certificates.