Validation Authority for Cryptographic Security Platform 1.0.0 has the following known issues.

This Validation Authority release focuses on dependency updates, not adding features or fixing bugs.

tsactl logs not forwarded to Splunk (EDM-13275)

When integrated with a Splunk server, PKI Hub does not forward logs recording tsactl commands. However, these logs can be browsed using the Grafana portal.

See Managing Log Forwarder for integrating a Splunk server or Browsing logs with Grafana for browsing logs in the Grafana portal.

Temporary Kubernetes pods may run after command completion (ATEAM-16336)

Temporary Kubernetes pods may run after the completion of an evactl command. These pods will be deleted when deploying and do not compromise the Entrust Validation Authority operation or the execution of more evactl commands. 

Running shims not moved after a node dies (PKIPM-1090)

When a node dies, Entrust Validation Authority does not move pod running shims to an alive node. Therefore, these shims stop updating the database.

Workaround:  Wait until the dead node returns, or kill the pod as follows. 

  1. List the pods.

    sudo kubectl get pods -n eva -o wide

  2. Kill the dead pod. For example:

    sudo kubectl -n eva delete pod --force eva-cagwshim-n-0

Newly deployed status after command execution (ATEAM-16337)

After running some evactl commands, the Management Console of PKI Hub displays Entrust Validation Authority as newly deployed.

Large kmdata files not supported  (ATEAM-16338)

The tsactl import-nshield command does not support kmdata files larger than ~100KB.

Database validation error (ATEAM-17466)

The Management Console displays a validation error when:

  1. Importing a configuration file containing a non-empty database sslValidationCert value.
  2. Setting the SSL Mode database configuration to disable.

Workaround: Delete the sslValidationCert value in the configuration file before importing it.