Installing or updating CAST Imaging with certificate-based database authentication

Available in ≥ 3.4.1-funcrel

This documentation is valid for situations where you need to install or update CAST Imaging and your PostgreSQL/CAST Storage Service(s) is already using certificate based authentication. See this documentation if you need to add a new PostgreSQL/CAST Storage Service configured with certificate based authentication to an existing CAST Imaging installation.

Overview

This section of documentation provides instructions for situations where you need to either install CAST Imaging from scratch or perform an in-place update to a new release and your CAST Storage Service/PostgreSQL instance(s) are already configured with certificate-based authentication with these modes:

require
verify-full
verify-ca

Scenarios and actions are provided below.

Microsoft Windows

Before starting the installation or running an update to a new release you should ensure that for the CAST Storage Service/PostgreSQL instance that will be/is being used to store the control_panel schema and the keycloak_v3 database, the following is true:

you have generated the server (required) and client (optional - not needed for require mode) certificates/keys as described in Step 1 - Generate certificates and keys.
you have configured the target CAST Storage Service/PostgreSQL as described in Step 2 - Configure CAST Storage Service/PostgreSQL.
you have created an .ini file and an environment variable CASTCONNECTIONEXTRAPARAMETERS as described in Step 3 - Configure CAST components. Note that for require mode, only the following is required:

[host:port]
ssl=true
sslmode=require

Next ensure that the relevant .conf files from the CAST Imaging installer are correctly defined, in particular the following options (see Microsoft Windows installation variables):

CSS_SSL_ENABLED
CSS_SSL_MODE
CSS_SSL_ROOT_CERT
CSS_SSL_CERT
CSS_SSL_KEY
CSS_SSL_KEY_PEM
CSS_INI_FILE_PATH

These options ensure that the installer can work with a target CAST Storage Service/PostgreSQL instance configured with certificate-based authentication to create or interact with the control_panel schema and the keycloak_v3 database.

Note about additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication:

In a “from scratch” installation, additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication are added post-install for analysis data storage, following the instructions in Configuring certificate-based authentication.
In an “update” scenario, any additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication that have been added for analysis data storage only are not accessed during an in-place update to a new release.

Linux via Docker

There is nothing specific to do when installing CAST Imaging from scratch or performing an in-place update to a new release because the bundled PostgreSQL instance (container) cannot be configured to function in encrypted mode and this instance is always used to store the persistence schema control-panel and the keycloak_v3 database. You should install and update as normal.