Installing or updating CAST Imaging with certificate-based database authentication

Available in ≥ 3.4.1-funcrel

Overview

This section of documentation provides instructions for situations where you need to either install CAST Imaging from scratch or perform an in-place update to a new release and your CAST Storage Service/PostgreSQL instance(s) are already configured with certificate-based authentication.

Scenarios and actions are provided below.

Microsoft Windows

Before starting the installation or running an update to a new release you should ensure that for the CAST Storage Service/PostgreSQL instance that will be/is being used to store the control_panel schema and the keycloak_v3 database, the following is true:

you have generated the server and client certificates and keys as described in Step 1 - Generate certificates and keys.
you have configured the target CAST Storage Service/PostgreSQL as described in Step 2 - Configure CAST Storage Service/PostgreSQL.
you have created an .ini file and an environment variable CASTCONNECTIONEXTRAPARAMETERS as described in Step 3 - Configure CAST components.

Next ensure that the relevant .conf files from the CAST Imaging installer are correctly defined, in particular the following options (see Microsoft Windows installation variables):

CSS_SSL_ENABLED
CSS_SSL_MODE
CSS_SSL_ROOT_CERT
CSS_SSL_CERT
CSS_SSL_KEY
CSS_SSL_KEY_PEM
CSS_INI_FILE_PATH

These options ensure that the installer can work with a target CAST Storage Service/PostgreSQL instance configured with certificate-based authentication to create or interact with the control_panel schema and the keycloak_v3 database.

Note about additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication:

In a “from scratch” installation, additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication are added post-install for analysis data storage, following the instructions in Configuring certificate-based authentication
In an “update” scenario, any additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication that have been added for analysis data storage are not accessed during an in-place update to a new release

Linux via Docker

There is nothing specific to do when installing CAST Imaging from scratch or performing an in-place update to a new release because the bundled PostgreSQL instance (container) cannot be configured to function in encrypted mode and this instance is always used to store the persistence schema control-panel and the keycloak_v3 database. You should install and update as normal.