Red Hat Certificate System
Migration Guide: 6.x to 7.3
6.0
Matthew Harmsen
ISBN: N/A
Publication date: March 12, 2008


Summary of Contents for Red Hat CERTIFICATE SYSTEM 6.0 - MIGRATION GUIDE

  • Page 1 Red Hat Certificate System Migration Guide: 6.x to 7.3 Matthew Harmsen ISBN: N/A Publication date: March 12, 2008...
  • Page 2 Red Hat Certificate System This migration guide provides in-depth procedures to migrate subsystems, user information, and certificate and key materials from Netscape Certificate Management System 6.0, 6.1, and 6.2 to Red Hat Certificate System 7.3.
  • Page 3 All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 4 Red Hat Certificate System...
  • Page 5: Table Of Contents

    1. Introduction to Red Hat Certificate System Migration
       1. Certificate System Migration Overview
          1.1. Migration Scripts
          1.2. Certificate System Subsystems
       2. Considerations before Migration
    2. Step 1: Preparing the 6.x Server Instance for Migration
    3.
  • Page 7: Introduction To Red Hat Certificate System Migration

    Chapter 1. Introduction to Red Hat Certificate System Migration Netscape Certificate Management System (CMS) versions 6.0x, 6.1, and 6.2 can be migrated to Red Hat Certificate System version 7.3 using the Red Hat Certificate System migration utility. Certificate System has the ability to extract data from the installation of a previous version and migrate this data to 7.3.
  • Page 8: Migration Scripts

    Chapter 1. Introduction to Red Hat Certificate System Migration 6. Renew all migrated certificates. 1.1. Migration Scripts The Certificate System migration utility contains several separate platform-independent tools, but only two are required for migrating a Certificate System installation: one program to convert all of the data in an LDIF that was exported from the 6.x installation into a normalized LDIF text file, and another program to convert the normalized LDIF text file into an LDIF data file that can be imported into the newer Certificate System.
  • Page 9: Certificate System Subsystems

    Certificate System Subsystems Certificate System migration import utilities are files named TxtToversion. To migrate the Certificate Management System 6.x servers to Certificate System 7.3, use the TxtTo73 script. The import tool contains the following files: • Three precompiled Java™ classes •...
  • Page 10: Considerations Before Migration

    Chapter 1. Introduction to Red Hat Certificate System Migration Product (including service Subsystems Platforms packs and hot-fixes) Netscape Certificate Red Hat Linux 7.2 Management System 6.01 Red Hat Enterprise Linux AS OCSP Solaris 8 Netscape Certificate Solaris 8 Management System 6.1 OCSP Netscape Certificate Red Hat Enterprise Linux AS...
  • Page 11 Considerations before Migration migration is complete before starting the migration of the next subsystem. Setting File Permissions. • On Linux and UNIX systems, make sure that the file owner (user and group) and the file permissions are correct when the file is copied between two instances. Also make sure that the target machine allows the file transfer.
  • Page 13: Step 1: Preparing The 6.X Server Instance For Migration

    Chapter 2. Step 1: Preparing the 6.x Server Instance for Migration Before migrating a Certificate System instance, back up the Certificate System instance. When the backup process is complete, then stop the old Certificate System, Directory Server, and Administration Server instances. 1.
  • Page 15: Step 2: Installing The New Certificate System

    Chapter 3. Step 2: Installing the New Certificate System Install a new Certificate System 7.3 instance. All subsystem instances are installed separately; make sure that every subsystem type which will be migrated has a corresponding new subsystem instance. 1. Obtain the appropriate packages either through the up2date command or by downloading the ISO image from the Certificate System 7.3 Red Hat Network channel.
  • Page 17: Step 3: Stopping The New Certificate System Servers

    Chapter 4. Step 3: Stopping the New Certificate System Servers 1. First, stop all new Certificate System instances. /etc/init.d/instance_ID stop 2. Then stop the Directory Server instance used by the Certificate System 7.3 servers. cd /opt/redhat-ds/slapd-DS-instance ./stop-slapd...
  • Page 19: Step 4: Migrating Security Databases

    Chapter 5. Step 4: Migrating Security Databases For every Red Hat Certificate System subsystem instance migration, the data from the certificate (cert7.db/cert8.db) and key (key3.db) security databases for the Netscape Certificate Management System 6.x instances must be extracted and copied into the Red Hat Certificate System 7.3 subsystem's directory.
  • Page 20 Chapter 5. Step 4: Migrating Security Databases NOTE On Certificate Management System 6.0x, the certificate database is cert7.db cert8.db 2. Copy the certificate and key security databases from the 6.x server to the 7.3 server. cp old_server_root/alias/cert-old_CA_instance-cert8.db /var/lib/instance_ID/alias/cert8.db cp old_server_root/alias/cert-old_CA_instance-key3.db /var/lib/instance_ID/alias/key3.db 3.
  • Page 21: Option 2: Security Databases To Hsm Migration

    Option 2: Security Databases to HSM NOTE For Certificate Management System version 6.0x, the certificate database is automatically converted from cert7.db to cert8.db. 9. Open the CS.cfg configuration file in the /var/lib/instance_ID/conf/ directory. 10. Edit the ca.signing.cacertnickname and ca.ocsp_signing.cacertnickname attributes to reflect the 7.3 CA instance.
  • Page 22 Chapter 5. Step 4: Migrating Security Databases cp old_server_root/alias/cert-old_CA_instance-cert8.db /var/lib/instance_ID/alias/cert8.db cp old_server_root/alias/cert-old_CA_instance-key3.db /var/lib/instance_ID/alias/key3.db 3. Open the Certificate System /alias directory. cd /var/lib/instance_ID/alias/ 4. Log in as root. 5. Set the file user and group to the Certificate System user and group. # chown user:group cert8.db # chown user:group key3.db 6.
  • Page 23 Migration pk12util -o ServerCert.p12 -n "Server-Cert cert-old_CA_instance" -d . Enter Password or Pin for "NSS Certificate DB":******** Enter password for PKCS12 file: ******** Re-enter password: ******** pk12util: PKCS12 EXPORT SUCCESSFUL pk12util -o caSigningCert.p12 -n "caSigningCert cert-old_CA_instance" -d . Enter Password or Pin for "NSS Certificate DB":******** Enter password for PKCS12 file: ******** Re-enter password: ******** pk12util: PKCS12 EXPORT SUCCESSFUL...
  • Page 24 Chapter 5. Step 4: Migrating Security Databases 14. Import the public/private key pairs of each entry from the PKCS #12 files into the new HSM. pk12util -i ServerCert.p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i caSigningCert.p12 -d .
  • Page 25: Option 3: Hsm To Security Databases Migration

    Option 3: HSM to Security Databases ca.connector.KRA.nickname=new_HSM_slot_name:caSigningCert cert-old_CA_instance 20. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: new_HSM_slot_name:Server-Cert cert-old_CA_instance 1.3. Option 3: HSM to Security Databases Migration 1. Extract the public/private key pairs from the HSM. The format for the extracted key pairs should be portable, such as a PKCS #12 file.
  • Page 26 Chapter 5. Step 4: Migrating Security Databases 6. Log out as root, and log back into the system as the Certificate System user. 7. Set the file permissions. chmod 00600 ServerCert.p12 chmod 00600 caSigningCert.p12 chmod 00600 ocspSigningCert.p12 8. Import the public/private key pairs of each entry from the PKCS #12 files into the 7.3 security databases.
  • Page 27: Option 4: Hsm To Hsm Migration

    Migration reflect the 7.3 CA instance. ca.signing.cacertnickname=caSigningCert cert-old_CA_instance ca.ocsp_signing.cacertnickname=ocspSigningCert cert-old_CA_instance 13. If there is CA-DRM connectivity, then also modify the ca.connector.KRA.nickname attribute. ca.connector.KRA.nickname=caSigningCert cert-old_CA_instance 14. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname.
  • Page 28 Chapter 5. Step 4: Migrating Security Databases # chown user:group ServerCert.p12 # chown user:group caSigningCert.p12 # chown user:group ocspSigningCert.p12 6. Log out as root, and log back into the system as the Certificate System user. 7. Set the file permissions. chmod 00600 ServerCert.p12 chmod 00600 caSigningCert.p12 chmod 00600 ocspSigningCert.p12...
  • Page 29: Data Recovery Manager (Drm) Migration

    Data Recovery Manager (DRM) Migration rm caSigningCert.p12 rm ocspSigningCert.p12 12. Set the trust bits on the public/private key pairs that were imported into the new HSM. certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_CA_instance" -t "cu,cu,cu" -d . -h new_HSM_token_name certutil -M -n "new_HSM_slot_name:caSigningCert cert-old_CA_instance" -t "CTu,CTu,CTu"...
  • Page 30: Option 1: Security Databases To Security Databases Migration

    Chapter 5. Step 4: Migrating Security Databases • Section 2.2, “Option 2: Security Databases to HSM Migration” • Section 2.3, “Option 3: HSM to Security Databases Migration” • Section 2.4, “Option 4: HSM to HSM Migration” NOTE Archived keys stored in a 6.0x or 6.1 DRM cannot be migrated to Certificate System 7.3 because the old key-splitting scheme is not supported in versions later than 6.1 (SP4).
  • Page 31 Option 1: Security Databases to Security 4. Log in as root. 5. Set the file user and group to the Certificate System user and group. # chown user:group cert8.db # chown user:group key3.db 6. Log out as root, and log back into the system as the Certificate System user. 7.
  • Page 32: Option 2: Security Databases To Hsm Migration

    Chapter 5. Step 4: Migrating Security Databases 11. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: Server-Cert cert-old_DRM_instance 2.2. Option 2: Security Databases to HSM Migration 1. Remove all the security databases in the Certificate System 7.3 which will receive migrated data.
  • Page 33 Databases Migration 7. Set the file permissions. chmod 00600 cert8.db chmod 00600 key3.db 8. List the certificates stored in the old security databases by using the command; certutil lists the certificates. certutil -L -d . Server-Cert cert-old_DRM_instance cu,cu,cu caSigningCert cert-old_DRM_instance cT,c, kraStorageCert cert-old_DRM_instance u,u,u kraTransportCert cert-old_DRM_instance u,u,u NOTE...
  • Page 34 Chapter 5. Step 4: Migrating Security Databases NOTE The old security databases may contain additional public/private key pairs; these can also be extracted using pk12util. 10. Export the public key using the certutil tool; lists the named certificate, sets the name of the file and the old prefix, and outputs the information to a base-64 file.
  • Page 35 Option 2: Security Databases to HSM Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i kraStorageCert.p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i kraTransportCert.p12 -d .
  • Page 36: Option 3: Hsm To Security Databases Migration

    Chapter 5. Step 4: Migrating Security Databases kra.storageUnit.nickname=new_HSM_slot_name:kraStorageCert cert-old_DRM_instance kra.transportUnit.nickname=new_HSM_slot_name:kraTransportCert cert-old_DRM_instance NOTE caSigningCert is not referenced in the CS.cfg file. 22. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: new_HSM_slot_name:Server-Cert cert-old_DRM_instance 2.3.
  • Page 37 Migration b. Set the LD_LIBRARY_PATH environment variable to search the Certificate System libraries. LD_LIBRARY_PATH=old_server_root/bin/cert/lib export LD_LIBRARY_PATH c. Use the Certificate Management System 6.x certutil tool to identify the old HSM slot name. old_server_root/bin/cert/tools/certutil -U -d . d. Use the Certificate Management System 6.x certutil tool to extract the public key from the security databases and save the base-64 output to a file.
  • Page 38 Chapter 5. Step 4: Migrating Security Databases chmod 00600 kraStorageCert.p12 chmod 00600 kraTransportCert.p12 chmod 00600 caSigningCert.b64 9. Import the public/private key pairs of each entry from the PKCS #12 files into the 7.3 security databases. pk12util -i ServerCert.p12 -d . Enter Password or Pin for "NSS Certificate DB":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL...
  • Page 39: Option 4: Hsm To Hsm Migration

    Option 4: HSM to HSM Migration 13. Optionally, delete the base-64 file. rm caSigningCert.b64 14. Open the CS.cfg configuration file in the /var/lib/instance_ID/conf/ directory. 15. Edit the kra.storageUnit.nickname and kra.transportUnit.nickname attributes to reflect the 7.3 DRM instance. kra.storageUnit.nickname=kraStorageCert cert-old_DRM_instance kra.transportUnit.nickname=kraTransportCert cert-old_DRM_instance NOTE...
  • Page 40 Chapter 5. Step 4: Migrating Security Databases 3. Extract the public key of the CA signing certificate from the old security databases and save the base-64 encoded output to a file called caSigningCert.b64. a. Open the Certificate Management System 6.x directory.
  • Page 41 Option 4: HSM to HSM Migration # chown user:group caSigningCert.b64 7. Log out as root, and log back into the system as the Certificate System user. 8. Set the file permissions. chmod 00600 ServerCert.p12 chmod 00600 kraStorageCert.p12 chmod 00600 kraTransportCert.p12 chmod 00600 caSigningCert.b64 9.
  • Page 42 Chapter 5. Step 4: Migrating Security Databases 13. Set the trust bits on the public/private key pairs that were imported into the new HSM. certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_DRM_instance" -t "cu,cu,cu" -d . -h new_HSM_token_name certutil -M -n "new_HSM_slot_name:kraStorageCert cert-old_DRM_instance" -t "u,u,u"...
  • Page 43: Online Certificate Status Protocol Manager (Ocsp) Migration

    Option 1: Security Databases to Security 3. Online Certificate Status Protocol Manager (OCSP) Migration Determine if the migration to be performed involves software security databases, an HSM, or both, and follow the appropriate process for the deployment scenario being migrated. •...
  • Page 44 Chapter 5. Step 4: Migrating Security Databases /alias/key3.db 3. Open the Certificate System /alias directory. cd /var/lib/instance_ID/alias/ 4. Log in as root. 5. Set the file user and group to the Certificate System user and group. # chown user:group cert8.db # chown user:group key3.db 6.
  • Page 45: Option 2: Security Databases To Hsm Migration

    Databases Migration NOTE caSigningCert is not referenced in the CS.cfg file. 11. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: Server-Cert cert-old_OCSP_instance 3.2. Option 2: Security Databases to HSM Migration 1. Remove all the security databases in the Certificate System 7.3 server which will receive migrated data.
  • Page 46 Chapter 5. Step 4: Migrating Security Databases # chown user:group cert8.db # chown user:group key3.db 6. Log out as root, and log back into the system as the Certificate System user. 7. Set the file permissions. chmod 00600 cert8.db chmod 00600 key3.db 8.
  • Page 47 Option 2: Security Databases to HSM NOTE The old security databases may contain additional public/private key pairs; these can also be extracted using pk12util. 10. Export the public key using the certutil tool; lists the named certificate, sets the name of the file and the old prefix, and outputs the information to a base-64 file.
  • Page 48 Chapter 5. Step 4: Migrating Security Databases pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i ocspSigningCert.p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL 16. Optionally, delete the PKCS #12 files. rm ServerCert.p12 rm ocspSigningCert.p12 17.
  • Page 49: Option 3: Hsm To Security Databases Migration

    Migration 22. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: new_HSM_slot_name:Server-Cert cert-old_OCSP_instance 3.3. Option 3: HSM to Security Databases Migration 1. Extract the public/private key pairs from the HSM. The format for the extracted key pairs should be portable, such as a PKCS #12 file.
  • Page 50 Chapter 5. Step 4: Migrating Security Databases old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:caSigningCert cert-old_OCSP_instance" -d . -h old_HSM_token_name -a > caSigningCert.b64 e. Copy the key information from the 6.x server to the 7.3 server. cp old_server_root/alias/caSigningCert.b64 /var/lib/instance_ID/alias/caSigningCert.b64 4. Open the Certificate System directory.
  • Page 51 Option 4: HSM to HSM Migration 10. Optionally, delete the PKCS #12 files. rm ServerCert.p12 rm ocspSigningCert.p12 11. Set the trust bits on the public/private key pairs that were imported into the 7.3 security databases. certutil -M -n "Server-Cert cert-old_OCSP_instance" -t "cu,cu,cu" -d . certutil -M -n "ocspSigningCert cert-old_OCSP_instance"...
  • Page 52: Option 4: Hsm To Hsm Migration

    Chapter 5. Step 4: Migrating Security Databases 3.4. Option 4: HSM to HSM Migration NOTE Migrating from a hardware module to another hardware module is not possible for Certificate Management System 6.0x versions, only Certificate Management System 6.1 or 6.2. 1.
  • Page 53 Option 4: HSM to HSM Migration d. Use the Certificate Management System 6.x certutil tool to extract the public key from the security databases and save the base-64 output to a file. old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:caSigningCert cert-old_OCSP_instance" -d . -h old_HSM_token_name -a > caSigningCert.b64 e.
  • Page 54 Chapter 5. Step 4: Migrating Security Databases 10. Import the public/private key pairs of each entry from the PKCS #12 files into the new HSM. pk12util -i ServerCert.p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i ocspSigningCert.p12 -d .
  • Page 55 Option 4: HSM to HSM Migration NOTE caSigningCert is not referenced in the CS.cfg file. 17. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example: new_HSM_slot_name:Server-Cert cert-old_OCSP_instance...
  • Page 57: Step 5: Migrating Password Cache Data

    Chapter 6. Step 5: Migrating Password Cache Data The password information for the Certificate System subsystems is saved in a special password file. In Certificate System 6.x versions, these were kept in the pwcache.db file. The contents of the password file must be decrypted and listed using the PasswordCache tool in the 6.x subsystem instance.
  • Page 58 Chapter 6. Step 5: Migrating Password Cache Data 5. Log into the 7.3 server as the Certificate System user, and open the Certificate System configuration directory. cd /var/lib/instance_ID/conf/ 6. Log in as root, and set the file user and group to the Certificate System user and group. chown user:group password.conf 7.
  • Page 59: Step 6: Migrating Internal Databases

    Chapter 7. Step 6: Migrating Internal Databases Every Certificate Management System 6.x subsystem contains LDIF data in an associated internal database which must be migrated to the corresponding Certificate System 7.3 subsystem internal database. The procedure is the same for each subsystem type. The only difference between Certificate Management System 6.x versions is which import and export utility to use;...
  • Page 60 Name the output file internaldb.database CS.cfg new.ldif For example: /opt/redhat-ds/slapd-DS-instance/db/db2ldif -n server.example.com-rhpki-ca -a /opt/redhat-ds/slapd-DS-instance/ldif/new.ldif 3. Log into the 6.x Certificate System instance, and export the database contents to LDIF. Name the output file old.ldif For example: cd old_server_root/slapd-old_instance-db/db/db2ldif -n userRoot -a old_server_root/slapd-old_instance-db/ldif/old.ldif...
  • Page 61 4. Modify the content of old.ldif NOTE When using a text editor to perform the substitution instead of a script, use an editor that supports file sizes greater than 4 gigabytes, such as vim, because the LDIF files may be larger than 2 gigabytes and even 4 gigabytes in some deployments.
  • Page 62 Chapter 7. Step 6: Migrating Internal Databases cn: Security Domain Administrators uniqueMember: uid=admin,ou=People,basedn dn: cn=Enterprise CA Administrators,ou=groups,basedn description: People who are the administrators for the security domain for objectClass: top objectClass: groupOfUniqueNames cn: Enterprise CA Administrators uniqueMember: uid=admin,ou=People,basedn dn: cn=Enterprise KRA Administrators,ou=groups,basedn description: People who are the administrators for the security domain for objectClass: top objectClass: groupOfUniqueNames...
  • Page 63 7. Log into the 7.3 server as the Certificate System user, and open the Certificate System ldif/ directory. cd /opt/redhat-ds/slapd-DS-instance/ldif 8. Log in as root, and set the file user and group to the Certificate System user and group. # chown user:group old.txt...
  • Page 64 INSTANCE c. Run run.sh to use old.txt to create an LDIF file. run.sh /opt/redhat-ds/slapd-DS-instance/ldif/old.txt > /opt/redhat-ds/slapd-DS-instance/ldif/old.ldif 11. Import the old.ldif LDIF file into the Certificate System 7.3 server instance's internal database. a. Open the Certificate System 7.3 database directory.
  • Page 65: Step 7: Customizing User Data (Non-Console)

    Chapter 8. Step 7: Customizing User Data (Non-Console) Copy all customized plug-ins, profiles, and forms to the Certificate System 7.3 server, and apply any hand-edited changes to the Certificate System 7.3 CS.cfg file. In this example, the profile configuration in the old_CA_instance has been changed to enable S/MIME support.
  • Page 66 Chapter 8. Step 7: Customizing User Data (Non-Console) OU=Engineering,O=Example policyset.set1.p1.default.params.ldap.enable=true policyset.set1.p1.default.params.ldap.searchName=uid policyset.set1.p1.default.params.ldapStringAttributes=uid,mail policyset.set1.p1.default.params.ldap.basedn=dc=example,dc=com policyset.set1.p1.default.params.ldap.maxConns=4 policyset.set1.p1.default.params.ldap.minConns=1 policyset.set1.p1.default.params.ldap.ldapconn.Version=2 policyset.set1.p1.default.params.ldap.ldapconn.host=ldaphostA.example.com policyset.set1.p1.default.params.ldap.ldapconn.port=389 policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false The altered profile serves certificate requests with S/MIME support enabled.
  • Page 67: Step 8: Starting All Certificate System 7.3 Instances

    Chapter 9. Step 8: Starting All Certificate System 7.3 Instances 1. Restart the Directory Server for the Certificate System 7.3 instance. cd /opt/redhat-ds/slapd-DS-instance ./start-slapd 2. Start all of the Certificate System 7.3 instances. /etc/init.d/instance_ID start...
  • Page 69: Step 9: Generate New Certificate System Server Certificates

    Chapter 10. Step 9: Generate New Certificate System Server Certificates If the Certificate System 7.3 server is on a different machine than the Certificate Management System 6.x server, then an SSL server certificate associated with each newly-migrated Certificate System server instance must be created. There are three procedures to generate new server certificates, depending on the subsystem: generating self-signed CA server certificates;...
  • Page 70: Requesting A New Ssl Server Certificate From A Third-Party Ca

    Chapter 10. Step 9: Generate New Certificate System Server Certificates Algorithm panel. e. The next panel is Subject Name for the SSL Certificate. For the component, enter the fully qualified domain name, such as zeta.example.com, of the Certificate System 7.3 CA instance machine.
  • Page 71: Generating A New Drm, Ocsp, Or Tks Ssl Server Certificate

    Generating a New DRM, OCSP, or TKS SSL omega.example.com. Fill in information in the other fields on this panel; it is strongly recommended that the components also be filled in. e. Go through the remaining panels in the Certificate Setup Wizard, and fill in the different fields or use the defaults.
  • Page 72 Chapter 10. Step 9: Generate New Certificate System Server Certificates a. In the Type of Operation panel, select the Request a certificate option (the default). b. In the Certificate Selection panel, select SSL Server Certificate from the pull-down menu. An SSL server certificate request is generated, which can be submitted to a CA for approval.
  • Page 73: Step 10: Customizing User Data (Console)

    Chapter 11. Step 10: Customizing User Data (Console) Use the Console to configure any custom behavior of the different subsystems, such as customized plug-ins, logging, and auditing. A subsystem may have to be restarted once all configuration changes have been applied.
  • Page 75: Step 11: Verifying Migration

    Chapter 12. Step 11: Verifying Migration After migrating all Certificate Management System 6.x subsystems to the corresponding Certificate System 7.3 subsystem instances, open the CA end-entities services page and each subsystem agent services pages for the Certificate System 7.3 server to ensure that everything is working properly.
