Installing or updating CAST Imaging with certificate-based database authentication

Available in ≥ 3.4.1-funcrel

Overview

This section of documentation provides instructions for situations where you need to either install CAST Imaging from scratch or perform an in-place update to a new release and your CAST Storage Service/PostgreSQL instance(s) are already configured with certificate-based authentication.

Scenarios and actions are provided below.

Microsoft Windows

Before starting the installation or running an update to a new release you should ensure that for the CAST Storage Service/PostgreSQL instance that will be/is being used to store the control_panel schema and the keycloak_v3 database, the following is true:

Next ensure that the relevant .conf files from the CAST Imaging installer are correctly defined, in particular the following options (see Microsoft Windows installation variables):

  • CSS_SSL_ENABLED
  • CSS_SSL_MODE
  • CSS_SSL_ROOT_CERT
  • CSS_SSL_CERT
  • CSS_SSL_KEY
  • CSS_SSL_KEY_PEM
  • CSS_INI_FILE_PATH

These options ensure that the installer can work with a target CAST Storage Service/PostgreSQL instance configured with certificate-based authentication to create or interact with the control_panel schema and the keycloak_v3 database.

Note about additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication:

  • In a “from scratch” installation, additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication are added post-install for analysis data storage, following the instructions in Configuring certificate-based authentication
  • In an “update” scenario, any additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication that have been added for analysis data storage are not accessed during an in-place update to a new release

Linux via Docker

There is nothing specific to do when installing CAST Imaging from scratch or performing an in-place update to a new release because the bundled PostgreSQL instance (container) cannot be configured to function in encrypted mode and this instance is always used to store the persistence schema control-panel and the keycloak_v3 database. You should install and update as normal.