See below the known issues common to all PKI Hub 1.2.0 installations for Cryptographic Security Platform 1.1.0.

User names are case insensitive (ATEAM-17300)

When creating a user, the Management Console does not enforce the username to be lowercase.

Management Console operations may raise an error after logging in with a username in uppercase.

Session expiration does not redirect to the login page (ATEAM-17362)

When a user session expires, the Management Console does not automatically redirect to the login page.

Installations with Certificate Enrollment Gateway cannot be restored (CSF-704 & EDM-18536)

PKI Hub installations with a deployed Certificate Enrollment Gateway do not support Restoring.

Workaround:

  1. Contact Entrust support for a new version of the csf-backup-restore.sh script
  2. Open a user session in any of the PKI Hub installation nodes.
  3. Run the following commands to install the script. 
    sudo cp --force csf-backup-restore.sh /opt/entrust/scripts/rhel/
    sudo chmod 550 /opt/entrust/scripts/rhel/csf-backup-restore.sh
    sudo chown sysadmin:edm /opt/entrust/scripts/rhel/csf-backup-restore.sh
  4. Follow the steps described in Restoring to restore the state.

Occasional restore failures of single-node installations (EDM-16171)

The process described in Restoring fails 75% of the time on single-node installations.

Workaround: Run the clusterctl uninstall command to uninstall the cluster, and re-try Restoring.

Upgrade process is not idempotent (EDM-18747)

Due to behavior in the drain step, this upgrade path is not idempotent.

From version

To version

Cryptographic Security Platform 1.0 - PKI Hub 1.1

Cryptographic Security Platform 1.1 - PKI Hub 1.2

If this upgrade fails, use the following workaround to restore the initial state before retrying:

  1. List all StatefulSets across namespaces. 
    sudo kubectl get statefulsets --all-namespaces --output jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.status.replicas}{"\n"}{end}'
  2. Scale any StatefulSet with replicas = 0 back up to 1.  
    sudo kubectl scale --namespace auth-service statefulset auth-service --replicas 1
  3. Check all pods. 
    sudo kubectl get pods -A
     
  4. When all pods are ready, retry the upgrade.

CVE-2026-31431 Vulnerability (EDM-21489)

The Linux kernel used in PKI Hub is affected by the CVE-2026-31431 vulnerability.