Your suggested change has been received. Thank you.


Suggest A Change….


CipherTrust Manager Administration

System Upgrade/Downgrade


Please Note:

System Upgrade/Downgrade

You can upgrade/downgrade your CipherTrust Manager by securely downloading and applying a new/older system archive file.

Refer to Cluster Upgrade for details on upgrading a cluster of devices.

Restoring a backup from release 1.5.0 or later is supported; however, restoring a newer backup to an older version is never supported.

System Upgrade

Please read this section carefully before performing an system upgrade.

System upgrades are supplied in the form of a signed archive file available from the Support Portal.

We test upgrades from the three previous minor versions. That means that for 2.3, we tested upgrade from 2.0, 2.1, and 2.2.

Upgrades from other versions have not been tested and may not work correctly.

  1. Download the archive file to CipherTrust Manager:

    $ scp -i <ssh private key path> <update file name> ksadmin@<ip>:.

    The signature of the archive file is verified before the upgrade/downgrade is performed.

  2. Before proceeding, ensure there is at least 12 GB of space available (not including the upgrade file).

  3. Create and download a backup with corresponding backup key, in case there are any problems.

    Upgrades keep all the data and may migrate the data and configuration. Therefore, as a precaution, it is recommended to take a backup before upgrading.

  4. scp the archive file to the CipherTrust Manager:

    $ scp -i <identity_file> <update file name> ksadmin@<ip>:.

  5. ssh into the CipherTrust Manager as ksadmin and run the following command:

    $ sudo /opt/keysecure/ -f <~/filename>

    Here, <~/filename> specifies path to the signed CipherTrust Manager installer file.

    The signature of the archive file is verified and the upgrade is applied.

System Downgrade

CipherTrust Manager 2.3.0 can be downgraded to 2.2.0. For release-specific upgrade/downgrade information, refer to the release notes for your release.

To downgrade your CipherTrust Manager

Downgrades perform a CipherTrust Manager reset, which wipes all data except the backup files that already exist.

  1. SSH into the CipherTrust Manager as "ksadmin".

  2. Downgrade the CipherTrust Manager:

    $ sudo /opt/keysecure/ -f <~/filename> -y

Usage: -f <FILE> [-o] [-y]

*  `-f`: Path to the signed ${cm} installer file.

*  `-o`: Clustered node cannot be downgraded. Use this flag to override this behavior.

*  `-y`: Skip the confirmation prompt for ${cm} reset.