Managing Container Identity Across Upgrades
Overview of the steps needed to correctly set up your container identity when upgrading to a new version of the platform.
Table of Contents
The upgrade instructions step you through the manual process of upgrading by:
- Installing the latest version of the product and creating new containers, but connecting to the existing database.
- Moving over the properties and settings from a container in your installation of the earlier version, to a new container.
When you configure a new container to replicate an existing container, as in #2 above, you must set up the identity of the new container to match the identity of the previous container. Then, the new container will perform the same role in your new installation as the previous container did in the earlier installation, and the identity is recognized.
The container identity is represented by the container certificate.
When you're creating a new container, for example during installation, you can use the platform's certificate generation capabilities to generate a self-signed certificate. However, it's best to use an external certificate, for these reasons:
- In a production environment you'll need to have a certificate signed by a Certificate Authority with a recognized chain of trust, such as Verisign, Comodo, GoDaddy, or DigiSign.
- You cannot export the private key and certificate from the container, to import to a new container, which is part of the upgrade process (see Upgrading Akana API Platform to Version 2019.1.x).
Updating the container identity as part of the upgrade process
It's best to:
- Generate keys and certificates outside the platform using an external tool such as Java keytool, with a recognized Certificate Authority and chain of trust. You will be uploading a .JKS or .P12 file.
- Store your keys and certificates in a secure location.
- After creating your container, upload your keys and certificate (JKS or P12 file) to the new container. In the Akana Administration Console for the container:
Go to Configuration > Manage PKI Keys and choose Import Private Key & X.509 Certificate. For detailed instructions, see Manage PKI Keys.
Note: This is covered in the upgrade instructions.
When it's time to upgrade, create the new container and upload the same keys and certificates.