Confirm the Architecture

Before you start your upgrade, make sure you have a clear picture of your Keyfactor Command architecture and all the parts that make up the environment, and carefully consider the following.

Roles

Identify all the servers that play a role in the Keyfactor Command environment, including whether you have duplicates of any server roles to support high availability, and make note of what role or roles will need upgrading on each one. Think about whether you want to make any changes to the architecture at this time, such as adding high availability, or consolidating roles.

Certificate Authorities

Keyfactor Command includes a constraint (introduced in version 9.0) that prevents any two certificate authorities from having the same logical name and host name combination. Think about the logical name and host name of the CAs that will be implemented with Keyfactor Command and check for duplicates.

Important:  During upgrade, if duplicates are found, then among the duplicates, if there is only one that has any information tied to it, such as certificates, API applications, etc., then all of the others will be removed by the upgrade script. If more than one of the duplicates has any information associated with it, then the upgrade script will stop with an error. In that instance, you will need to manually fix the data before upgrading can proceed.
Templates

Keyfactor Command 10.0 and later upgrades will fail if the database has duplicate templates, defined as:

  • Duplicate CommonName and Forest, or

  • Duplicate OID and Forest

This should be a rare case. If it does occur, contact Keyfactor support. Support will be able to identify the duplicate templates, save the desired templates, and remove the duplicates.