Only Certificate Manager installations migrated from older versions support an internal database—that is, a database running on the same host as the application. See below for switching from an internal database to an external one.

Run the steps below in the same version of Certificate Manager that will use the database.

Exporting the database contents

On any Cryptographic Security Platform installation node, open an SSH session and set the following environment variables.

Variable

Value

KUBECTL

kubectl

NAMESPACE

certhub

POSTGRES_DB

certhub

POSTGRES_PWD

The value of the Database User Password configuration parameter described in Configuring and deploying Certificate Manager.

POSTGRES_USER

The value of the Database User Name configuration parameter described in Configuring and deploying Certificate Manager.

Run the following commands

now=$(date +"%m_%d_%Y")
$KUBECTL exec deployment/postgres -n "$NAMESPACE" -- bash -c "export PGPASSWORD=$POSTGRES_PWD; pg_dump -d $POSTGRES_DB -U $POSTGRES_USER" > "db-backup-$now.sql"

Restoring the database contents

Perform the following steps on an external host to restore the database contents.

To restore the database contents on an external host

  1. Install the PostgreSQL version described in Database requirements.
  2. Copy the db-backup-<date>.sql backup file generated when Exporting the database contents.
  3. Set the following environment variables to the values described in Exporting the database contents.
    • POSTGRES_DB
    • POSTGRES_PWD
    • POSTGRES_USER 
  4. Run the following command. 
    export PGPASSWORD=$POSTGRES_PWD; psql -d $POSTGRES_DB -U $POSTGRES_USER -f db-backup-<date>.sql

Applying the database changes to Certificate Manager

Complete database migration by performing the following operations on Cryptographic Security Platform.

To apply the database changes to Certificate Manager

  1. Log in to the Management Console.
  2. Update the database configuration parameters described in Configuring and deploying Certificate Manager to match the new external database.
  3. Redeploy Certificate Manager to make the changes effective.
  4. Wait while the redeployment with the external database is complete.
  5. Open an SSH session as an administrator.
  6. Manually remove the PostgreSQL pod.