Before you start your upgrade, make sure you have a clear picture of your Keyfactor Command architecture and all the parts that make up the environment, and carefully consider the following.
Roles
Identify all the servers that play a role in the Keyfactor Command environment, including whether you have duplicates of any server roles to support high availability, and make note of what role or roles will need upgrading on each one. Think about whether you want to make any changes to the architecture at this time, such as adding high availability, or consolidating roles.
Certificate Authorities
Keyfactor Command includes a constraint (introduced in version 9.0) that prevents any two certificate authorities from having the same logical name
The logical name of a CA is the common name given to the CA at the time it is created. For Microsoft CAs, this name can be seen at the top of the Certificate Authority MMC snap-in. It is part of the FQDN\Logical Name string that is used to refer to CAs when using command-line tools and in some Keyfactor Command configuration settings (e.g. ca2.keyexample.com\Corp Issuing CA Two). and host name The unique identifier that serves as name of a computer. It is sometimes presented as a fully qualified domain name (e.g. servername.keyexample.com) and sometimes just as a short name (e.g. servername). combination. Think about the logical name and host name of the CAs that will be implemented with Keyfactor Command and check for duplicates.
A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. applications, etc., then all of the others will be removed by the upgrade script. If more than one of the duplicates has any information associated with it, then the upgrade script will stop with an error. In that instance, you will need to manually fix the data before upgrading can proceed.Templates
Keyfactor Command 10.0 and later upgrades will fail if the database has duplicate templates, defined as:
-
Duplicate CommonName and Forest
An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers., or -
Duplicate OID
Object identifiers or OIDs are a standardized system for identifying any object, concept, or "thing" with a globally unambiguous persistent name. and Forest
This should be a rare case. If it does occur, contact Keyfactor support. Support will be able to identify the duplicate templates, save the desired templates, and remove the duplicates.