See below for the known issues common to all PKI Hub 1.1.0 installations on Cryptographic Security Platform 1.0.0.

Occasional restore failures of single-node installations (EDM-16171)

The process described in Restoring the state fails 75% of the time on single node installations.

Workaround: Run the clusterctl uninstall command to uninstall the cluster and re-try Restoring the state.

Session expiration does not redirect to the login page (ATEAM-17362)

When a user session expires, the Management Console does not automatically redirect to the login page.

Upgrade process is not idempotent (EDM-18747)

Due to behavior in the drain step, this upgrade path is not idempotent.

From version

To version

Cryptographic Security Platform 1.0 - PKI Hub 1.1

Cryptographic Security Platform 1.1 - PKI Hub 1.2

If this upgrade fails, use the following workaround to restore the initial state before retrying:

  1. List all StatefulSets across namespaces. 
    sudo kubectl get statefulsets --all-namespaces --output jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.status.replicas}{"\n"}{end}'
  2. Scale any StatefulSet with replicas = 0 back up to 1.  
    sudo kubectl scale --namespace auth-service statefulset auth-service --replicas 1
  3. Check all pods. 
    sudo kubectl get pods -A
     
  4. When all pods are ready, retry the upgrade.

CVE-2026-31431 Vulnerability (EDM-21489)

The Linux kernel used in PKI Hub is affected by the CVE-2026-31431 vulnerability.