EJBCA Cloud Upgrade

Guide

Print date: 2017-12-18

EJBCA Cloud Upgrade Guide

2( )10

Table of Contents

Introduction _______________________________________________________________________ 3

Documentation __________________________________________________________________ 3

Overview ________________________________________________________________________ 4

Upgrade Procedure ________________________________________________________________ 5

Currently used EJBCA version ______________________________________________________ 5

Backup Existing Instance __________________________________________________________ 6

Copy Backup to New Instance ______________________________________________________ 7

Restore Backup on New Instance ___________________________________________________ 10

EJBCA Cloud Upgrade Guide

3( )10

Introduction

This document is intended to show an administrator of a PrimeKey EJBCA Enterprise Cloud Edition

hourly instance how to upgrade a node from one version of EJBCA to another.

Documentation

The EJBCA documentation for EJBCA Enterprise Edition is available on https://download.primekey.se

./docs/EJBCA-Enterprise/latest/

Additional documentation for EJBCA Community Edition is available on .https://www.ejbca.org/docs/

EJBCA Cloud Upgrade Guide

4( )10

Overview

This guide describes how to upgrade from one version of EJBCA to another instance with a newer

version.

The EJBCA Cloud instances that are purchased on an hourly basis, are designed to be terminated

after an upgrade to a new instance is made. Instance termination avoids a detailed upgrade process in

place of running a backup and restore script.

In the example used in this guide, the source host is running EJBCA 6.9.1 and the destination host is

running EJBCA 6.10.0:

The has an elastic (public) IP of:source host running EJBCA 6.9.1

.ec2-34-229-187-81.compute-1.amazonaws.com

The has an elastic (public) IP of:destination host running EJBCA 6.10.0

.ec2-52-23-217-245.compute-1.amazonaws.co

When the upgrade is complete, all of the CAs and data on the source node running 6.9.1 are migrated

over to the new 6.10.0 version.

EJBCA Cloud Upgrade Guide

5( )10

Upgrade Procedure

Follow the instructions in this procedure to upgrade the version of EJBCA from 6.9.1 to 6.10.0 in the

following steps:

Backup Existing Instance

Copy Backup to New Instance

Restore Backup on New Instance

Currently used EJBCA version

The version of EJBCA is visible in the top-right corner of the EJBCA Administration home screen.

EJBCA Cloud Upgrade Guide

6( )10

1.

2.

3.

4.

5.

6.

Backup Existing Instance

Using the SSH key that you selected when procuring the instance, SSH into the EJBCA Cloud

Edition instance using the username ec2-user.

# ssh –i ssh-key.pem ec2-user@elastic-ip.compute-1.amazonaws.com

Run the command to get elevated privileges:sudo su

sudo su

Change to the directory./opt/PrimeKey/support

Run the script to create a backup of your system.system_backup.sh

Press to proceed and enter a password to protect the backup once prompted:Y

Make a note of the name of the backup file created. Copy the backup file to a directory that is

accessible by the , for example .ec2-user /home/ec2-user/

In this case, the file "/opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-

" is copied to :128.ec2.internal-1509663778.tar.gz /home/ec2-user/

# cp /opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663

778.tar.gz /home/ec2-user/

EJBCA Cloud Upgrade Guide

7( )10

1.

Copy Backup to New Instance

Using either the command line interface (CLI) or a Secure Copy Protocol (SCP) utility, copy the file to

your local system. You can copy the file directly from one instance to another if your VPC allows it. In

this example, we will bring the file down locally and then SCP it to the new instance.

Copy the file to your local system, using either CLI or a SCP utility:

Using the CLI:

# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ec2-user@ec

2-34-229-187-81.compute-1.amazonaws.com:/home/ec2-user/ejbca_db-ip-172-16-0-128

.ec2.internal-1509663778.tar.gz ~/Downloads/ejbca_db-ip-172-16-0-128.ec2.

internal-1509663778.tar.gz

EJBCA Cloud Upgrade Guide

8( )10

1.

2.

3.

Using a SCP utility (in this case Cyberduck)

Specify details to connect to your instance, for example hostname, username, and

SSH key):

Connect to the instance and download the file to the local system:

Wait for the download to complete.

Start a new instance from the Amazon AWS Marketplace. Ensure to select the correct version in

the list menu (the most recent version is by default selected). For more information, Version

refer to the EJBCA Cloud Quick Start Guide.

Wait for the new instance to start and retrieve the certificate for the new version. superadmin

For more information, refer to the EJBCA Cloud Quick Start Guide.

EJBCA Cloud Upgrade Guide

9( )10

4.

5.

6.

7.

Access the administration interface for the new instance.

Note the version of the new instance in the top-right corner of the EJBCA Administration home

screen, in this example .Version: EJBCA 6.10.0 Enterprise (r26978)

SCP the backup file created in section and copied to the new instance Backup Existing Instance

using the instructions in step 1 above.

If using the CLI, the command will be a bit different since you are copying local to remote.

# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ~/Downloads

/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ec2-user@ec2-52-23-217-245.

compute-1.amazonaws.com:/home/ec2-user/

Once copied, SSH into the new host.

Change to the directory./opt/PrimeKey/support

EJBCA Cloud Upgrade Guide

10( )10

1.

2.

3.

Restore Backup on New Instance

Run the script by pointing it to the backup file location after the script. In system_restore.sh

this example, the backup file is located in and the file name is /home/ec2-user/ ejbca_db-

.ip-172-16-0-128.ec2.internal-1509663778.tar.gz

# /opt/PrimeKey/support/system_restore.sh /home/ec2_user/ejbca_db-ip-172-16-0-128.

ec2.internal-1509663778.tar.gz

Confirm the script and then enter the password for your backup once prompted.

A backup of the existing database will be located at /opt/PrimeKey/support

and SSL files will be backed up to ./backup_files /etc/httpd/ssl_backup

Access your new instance and verify that your existing data appears in the new instance.