See below the known issues common to all PKI Hub 1.4.0 installations.

Session expiration does not redirect to the login page (ATEAM-17362)

When a user session expires, the Management Console does not automatically redirect to the login page.

Installations with Certificate Enrollment Gateway cannot be restored (CSF-704 & EDM-18536)

PKI Hub installations with a deployed Certificate Enrollment Gateway do not support Restoring.

Workaround:

1. Contact Entrust support for a new version of the csf-backup-restore.sh script
2. Open a user session in any of the PKI Hub installation nodes.
3. Run the following commands to install the script. 
   sudo cp --force csf-backup-restore.sh /opt/entrust/scripts/rhel/

   sudo chmod 550 /opt/entrust/scripts/rhel/csf-backup-restore.sh

   sudo chown sysadmin:edm /opt/entrust/scripts/rhel/csf-backup-restore.sh
4. Follow the steps described in Restoring to restore the state.

Occasional restore failures of single-node installations (EDM-16171)

The process described in Restoring fails 75% of the time on single-node installations.

Workaround: Run the clusterctl uninstall command to uninstall the cluster, and re-try Restoring.

RTC configured in local time instead of UTC (EDM-19299)

In ISO-based installations of the PKI Hub, the system RTC (Real-Time Clock) is configured in local time instead of UTC (Coordinated Universal Time). 

Upgrade from previous versions not supported (EDM-19933)

PKI Hub 1.4.0 only supports greenfield installations, that is, it does not support upgrading from a previous version like PKI Hub 1.3.0.

nCipher wrapping key not detected (ATEAM-19125)

When deploying a solution that uses an nShield HSM, the deployer:

• Does not check whether a wrapping key exists.
• Does not create the key if it does not exist.

Workaround: See Running the generate-key.sh script.