See below to restore the state of a PKI Hub installation comprising one or several nodes.

As explained in Running clusterctl install, only installations in multi-node mode support state backup and restore, although such installations can indeed run on a single node.

Restoring the state of a PKI Hub installation comprising one node

See below to restore the PKI Hub status when installed in a single node.

To restore a PKI Hub installation with a node

  1. Reproduce the PKI Hub installation used for Backing up the PKI Hub state. Specifically:
    • Install the same PKI Hub version.
    • Set the node hostname and IP address as in the original installation.
  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device configuration as explained in Restoring the HSM
  3. If the solutions of the restored installation use databases, restore the database contents as explained in Restoring databases.

  4. In any installation node:

    1. Copy the file generated with the clusterctl backup create command when Backing up the PKI Hub state.

    2. Run the clusterctl backup restore command to restore the backup file. 
  5. Log into the Management Console and click Deploy for the CA Gateway solution (if deployed in the restored solution).

Restoring the state of a PKI Hub installation comprising several nodes

See below to restore the PKI Hub status when installed in several nodes.

To restore a PKI Hub installation with several nodes

  1. Reproduce the PKI Hub installation used for Backing up the PKI Hub state. Specifically:
    • Install the same PKI Hub version.
    • Add the same number of nodes as in the original installation.
    • Set the node hostname and IP address as in the original installation.
  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device configuration as explained in Restoring the HSM
  3. If the solutions of the restored installation use databases, restore the database contents as explained in Restoring databases.
  4. Import the license as explained in Setting or updating the license.
  5. Run the clusterctl certificate command to install the TLS certificate and key backup.
  6. Run the clusterctl volume capacity to restore the previous volume capacity policies.
  7. Run clusterctl retention config logs to restore the previous log retention period.
  8. Run clusterctl retention config metrics to restore the previous metric retention period.
  9. Run the clusterctl proxy set to restore the previous proxy settings.
  10. Follow the steps described in Restoring solution settings to restore and deploy the Gateway, Certificate Enrollment Gateway, and Certificate Hub solutions (if present in the restored installation).

  11. In any installation node:

    1. Copy the file generated with the clusterctl backup create command when Backing up the PKI Hub state.

    2. Run the clusterctl backup restore command to restore the backup file. 
  12. Log into the Management Console and click Deploy for the Certificate Authorities, Entrust Validation Authority, and Timestamping Authority solutions (if deployed in the restored solution).