See below the known issues common to all PKI Hub 1.2.0 installations for Cryptographic Security Platform 1.1.0.
- User names are case insensitive (ATEAM-17300)
- Session expiration does not redirect to the login page (ATEAM-17362)
- Installations with Certificate Enrollment Gateway cannot be restored (CSF-704 & EDM-18536)
- Occasional restore failures of single-node installations (EDM-16171)
- Upgrade process is not idempotent (EDM-18747)
- CVE-2026-31431 Vulnerability (EDM-21489)
User names are case insensitive (ATEAM-17300)
When creating a user, the Management Console does not enforce the username to be lowercase.
Management Console operations may raise an error after logging in with a username in uppercase.
Session expiration does not redirect to the login page (ATEAM-17362)
When a user session expires, the Management Console does not automatically redirect to the login page.
Installations with Certificate Enrollment Gateway cannot be restored (CSF-704 & EDM-18536)
PKI Hub installations with a deployed Certificate Enrollment Gateway do not support Restoring.
Workaround:
- Contact Entrust support for a new version of the
csf-backup-restore.shscript - Open a user session in any of the PKI Hub installation nodes.
- Run the following commands to install the script.
sudo cp --force csf-backup-restore.sh /opt/entrust/scripts/rhel/sudo chmod 550 /opt/entrust/scripts/rhel/csf-backup-restore.shsudo chown sysadmin:edm /opt/entrust/scripts/rhel/csf-backup-restore.sh - Follow the steps described in Restoring to restore the state.
Occasional restore failures of single-node installations (EDM-16171)
The process described in Restoring fails 75% of the time on single-node installations.
Workaround: Run the clusterctl uninstall command to uninstall the cluster, and re-try Restoring.
Upgrade process is not idempotent (EDM-18747)
Due to behavior in the drain step, this upgrade path is not idempotent.
From version | To version |
|---|---|
Cryptographic Security Platform 1.0 - PKI Hub 1.1 | Cryptographic Security Platform 1.1 - PKI Hub 1.2 |
If this upgrade fails, use the following workaround to restore the initial state before retrying:
- List all
StatefulSetsacross namespaces.sudo kubectl get statefulsets --all-namespaces --output jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.status.replicas}{"\n"}{end}' - Scale any
StatefulSetwithreplicas = 0back up to 1.sudo kubectl scale --namespace auth-service statefulset auth-service --replicas1 - Check all pods.
sudo kubectl get pods -A - When all pods are ready, retry the upgrade.
CVE-2026-31431 Vulnerability (EDM-21489)
The Linux kernel used in PKI Hub is affected by the CVE-2026-31431 vulnerability.