Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Setting Up

Upgrading CCC

search
printsuggest an edit

Upgrading CCC

You have the option to upgrade to CCC 4.3 from the following CCC versions:

note

Note

If you plan to upgrade to the latest CCC version, back up and restore your current database using the instructions provided in the Back up and Restore section. Failure to do so will result in the irreversible loss of your existing database after the upgrade.

note

Note

After the upgrade process, it has been observed that there may be instances where outdated data is displayed due to caching. To address this, we recommend clearing your browser cache after the upgrade. This proactive step ensures the retrieval of the most up-to-date version of the application.


copy link to clipboardUpgrading from CCC 4.2 to CCC 4.3


To upgrade CCC from version 4.2 to 4.3, follow these steps based on your environment:


copy link to clipboardUpgrading from CCC 4.2 to CCC 4.3: Podman Users

To upgrade CCC from version 4.2 to 4.3 for Podman:

1Navigate to the Podman directory and stop the CCC container:

podman-compose down

2Verify the removal of CCC container:

podman ps -a

3If a container named ccc appears, remove it:

podman rm -f ccc

4Remove the ccc:4.2.0 image from the local repository:

podman rmi -f ccc:4.2.0

5Delete the pgdata directory after verifying any necessary backup is completed:

sudo rm -rf /home/ccc/pgdata
note

Note

This step is essential to prevent any residual data from previous CCC versions from affecting the upgrade.

6Optional: Delete the server-logs directory to clear old log files:

sudo rm -rf /home/ccc/server-logs
note

Note

Use sudo to ensure the necessary permissions to delete these directories.

7Load the Podman image for version 4.3:

podman load -i ccc-4.3.0_signed.tar

8Review and update ccc_config for compatibility with version 4.3. Detailed instructions can be found here.

9Review and update secretfile as required. Detailed instructions can be found here.

10Move secretfile to the certificates directory:

mv secretfile /home/ccc/ccc-certs

11Update CCC secret (if secretfile was modified):

podman secret rm ccc_password
podman secret create ccc_password secretfile
note

Note

Passwords in the secretfile are deleted after installation for security reasons. To retain them, back up the secretfile.

12Check secret configuration:

podman secret ls

13Configure the scheduler as needed before starting the CCC container.

14Build and start the container:

sh start-ccc-server.sh
note

Note

If you encounter a permission error related to Podman's rootless networking, ensure the necessary systemd permissions or run the command with root privileges. See the Podman Networking Documentation for further guidance.

15Choose between using a DNS or IP Address to host CCC. If using an IP address, input the correct IP for the virtual machine hosting CCC.

16Monitor logs to confirm the installation process:

podman logs -f ccc

17Restore your previous data following the instructions provided in the Back up and Restore section.

18Launch CCC on any node using one of the URLs below:


  • https://host_ip:8181

  • https://hostname:8181

note

Note

For detailed LDAPS configuration instructions, refer to the Installing CCC page.


copy link to clipboardUpgrading from CCC 4.2 to CCC 4.3: Kubernetes Users

To upgrade CCC from version 4.2 to 4.3 for Kubernetes:

1On the master node, stop the existing CCC container and remove related resources:

kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password

2Remove the ccc:4.2.0 image from all Worker nodes:

crictl rmi ccc:4.2.0

3Delete the pgdata directory on each Worker node:

sudo rm -rf /home/ccc/pgdata

4Optional: Delete the server-logs directory to remove old logs:

sudo rm -rf /home/ccc/server-logs
note

Note

The sudo command may be required for permissions.

5Run the following command to determine the container runtime:

crictl config --get image-endpoint

6Import the CCC image on each Worker node according to your container runtime:


  • For containerd, run ctr -n=k8s.io images import ccc-4.3.0_signed.tar.

  • For CRI-O, ensure Podman is installed, then run podman load -i ccc-4.3.0_signed.tar. Next, edit deployment.yaml to set the image value to localhost/ccc:4.3.0.

7List all images on the Worker node to confirm successful import:

crictl images

8On the master node, create necessary secrets:

kubectl create secret generic ccc-password \
--from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
--from-literal=CCC_KEYSTORE_PASSWORD='password' \
--from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
--from-literal=HSM_PASSWORD1='password' \
--from-literal=CRYPTO_OFFICER_PASSWORD='password' \
--from-literal=HSM_PASSWORD2='password' \
--from-literal=CCC_ADMIN_PASSWORD='password' \
--from-literal=CA_CERTIFICATE_PASSWORD='password' \
--from-literal=CCC_DB_PASSWORD='password'
note

Note

Ensure all passwords comply with the required policies.

9Update config-map.yaml as needed:

vi config-map.yaml

  • Separate each key and value with a colon and a space (e.g., key: value).

  • For an external database, provide relevant details.

  • If using HA ROT, configure settings according to the cloning protocol.

  • Specify CCC_LICENSE_FILE_NAME for the CCC license.

  • If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.

10If using LDAPS, configure the settings in the deployment.yaml file:

vi deployment.yaml

For detailed LDAPS configuration instructions, refer to the Installing CCC page.

11Optional: Configure the scheduler

12Start the CCC service on the master node:

sh start-ccc-server.sh

13Check the status of all resources:

sudo kubectl get all -o wide

14Monitor the CCC container logs for any issues:

kubectl logs -f [ccc-podname]

15Restore your previous data following the instructions provided in the Back up and Restore section.

16Once installation is complete, access CCC using one of the following URLs:


  • https://master_node_ip:30036
  • https://master_node_hostname:30036
copy link to clipboardUpgrading from CCC 4.2 to CCC 4.3: Helm Users

To upgrade CCC from version 4.2 to 4.3 for Helm:

1On the master node, stop the existing CCC container and remove related resources:

helm uninstall ccc
kubectl delete secrets ccc-password

2Remove the ccc:4.2.0 image from all Worker nodes:

crictl rmi ccc:4.2.0

3Delete the pgdata directory on each Worker node:

sudo rm -rf /home/ccc/pgdata

4Optional: Delete the server-logs directory to remove old logs:

sudo rm -rf /home/ccc/server-logs
note

Note

The sudo command may be required for permissions.

5Run the following command to determine the container runtime:

crictl config --get image-endpoint

6Based on the container runtime, import the CCC image on each Worker node:


  • For containerd, run the command ctr -n=k8s.io images import ccc-4.3.0_signed.tar.

  • For CRI-O, ensure Podman is installed, then run podman load -i ccc-4.3.0_signed.tar. Next, edit deployment.yaml to set the image value to localhost/ccc:4.3.0.

7List all images on the Worker node to confirm successful import:

crictl images

8On the master node, create necessary secrets:

kubectl create secret generic ccc-password \
--from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
--from-literal=CCC_KEYSTORE_PASSWORD='password' \
--from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
--from-literal=HSM_PASSWORD1='password' \
--from-literal=CRYPTO_OFFICER_PASSWORD='password' \
--from-literal=HSM_PASSWORD2='password' \
--from-literal=CCC_ADMIN_PASSWORD='password' \
--from-literal=CA_CERTIFICATE_PASSWORD='password' \
--from-literal=CCC_DB_PASSWORD='password'
note

Note

Ensure all passwords comply with the required policies.

9Update values.yaml as needed:

vi values.yaml

  • Separate each key and value with a colon and a space (e.g., key: value).

  • For an external database, provide relevant details.

  • If using HA ROT, configure settings according to the cloning protocol.

  • Specify CCC_LICENSE_FILE_NAME for the CCC license.

  • If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.

10If using LDAPS, configure the settings in templates/deployment.yaml:

vi deployment.yaml

For detailed LDAPS configuration instructions, refer to the Installing CCC page.

11Optional: Configure the scheduler

12Start the CCC service on the master node:

sh start-ccc-server.sh

13Check the status of all resources:

sudo kubectl get all -o wide

14Monitor the CCC container logs for any issues:

kubectl logs -f [ccc-podname]

15Restore your previous data following the instructions provided in the Back up and Restore section.

16Once installation is complete, access CCC using one of the following URLs:


  • https://master_node_ip:30036
  • https://master_node_hostname:30036

copy link to clipboardUpgrading from CCC 4.1 to CCC 4.3


To upgrade CCC from version 4.1 to 4.3, follow these steps based on your environment:


copy link to clipboardUpgrading from CCC 4.1 to CCC 4.3: Podman Users

To upgrade from CCC version 4.1 to 4.3 for Podman users, follow these steps:

1Navigate to the podman directory and stop the CCC services by running:

podman-compose down

2Check if the CCC container has been removed by using:

podman ps -a

3If a container named ccc still appears, remove it with:

podman rm -f ccc

4Delete the ccc:4.1.0 image from your local repository:

podman rmi -f ccc:4.1.0

5Delete the pgdata directory to ensure no residual data from the CCC container remains.Ensure you have backed up any necessary files before performing this step. Run:

sudo rm -rf /home/ccc/pgdata
note

Note

The sudo command may be required for permission.

6(Optional) To remove logs from previous versions, delete the server-logs directory:

sudo rm -rf /home/ccc/server-logs

7Follow the upgrade steps for CCC 4.1 to 4.2.

8After the upgrade to 4.2, restore the database using the steps in the Backup and Restore Guide section.

9Finally, complete the upgrade to version 4.3 by following the instructions specific to the CCC 4.2 to 4.3 transition.

copy link to clipboardUpgrading from CCC 4.1 to CCC 4.3: Kubernetes Users

To upgrade from CCC version 4.1 to 4.3 for Kubernetes users, follow these steps:

1On the master node, stop the previous CCC container and related resources:

kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password

2On each worker node, remove the CCC 4.1.0 image:

crictl rmi ccc:4.1.0

3Delete the pgdata directory to remove any residual data from CCC. Ensure a backup is taken if needed, as this step will permanently delete data:

sudo rm -rf /home/ccc/pgdata
note

Note

sudo may be required for permissions.

4Optionally, delete the server-logs directory to clear logs from previous versions:

sudo rm -rf /home/ccc/server-logs
note

Note

sudo may be required for permissions.

5Follow the steps on the upgrade page to transition from CCC 4.1 to 4.2.

6Restore your previous data following the instructions provided in the Back up and Restore section.

7Finally, complete the upgrade by following the steps for transitioning from CCC 4.2 to 4.3.


copy link to clipboardUpgrading from CCC 4.1 to CCC 4.3: Helm Users

To upgrade from CCC version 4.1 to 4.3 for Helm users, follow these steps:

1On the master node, stop the previous CCC container and related resources:

helm uninstall ccc
kubectl delete secrets ccc-password

2On each worker node, remove the CCC 4.1.0 image:

crictl rmi ccc:4.1.0

3Delete the pgdata directory to remove any residual data from CCC. Ensure a backup is taken if needed, as this step will permanently delete data:

sudo rm -rf /home/ccc/pgdata
note

Note

sudo may be required for permissions.

4Optionally, delete the server-logs directory to clear logs from previous versions:

sudo rm -rf /home/ccc/server-logs
note

Note

sudo may be required for permissions.

5Follow the steps on the upgrade page to transition from CCC 4.1 to 4.2.

6Restore your previous data following the instructions provided in the Back up and Restore section.

7Finally, complete the upgrade by following the steps for transitioning from CCC 4.2 to 4.3.


copy link to clipboardUpgrading from CCC 4.0 to CCC 4.3


To upgrade CCC from version 4.0 to 4.3, complete the steps outlined for upgrading from CCC 4.1 to 4.3, depending on your environment.


copy link to clipboardUpgrading from CCC 3.9 to CCC 4.3


To upgrade CCC from version 3.9 to 4.3:

1Create a database backup to preserve your current data.

2Uninstall CCC 3.9 by running the following command to execute the uninstall.sh script:

sh /usr/safenet/ccc/uninstall.sh

3Install CCC 4.2.

4Restore your database after the CCC 4.2 installation is complete.

5Complete the upgrade to CCC 4.3 by following the steps for upgrading from CCC 4.2 to CCC 4.3.


copy link to clipboardUpgrading from CCC 3.8.1 or below to CCC 4.3


To upgrade CCC from version 3.8.1 and below to 4.3:

1Obtain the CCC version 3.9 distribution package.

2Upgrade to CCC 3.9 by executing the install.sh script from the CCC 3.9 distribution package.

3Verify the successful installation of CCC 3.9 by checking the CCC GUI for confirmation.

4Complete the upgrade to CCC 4.3 by following the steps for upgrading from CCC 3.9 to CCC 4.3.

On this page