Data Recovery Manager (Drm) Migration - Red Hat CERTIFICATE SYSTEM 6.0 - MIGRATION GUIDE Manual


rm caSigningCert.p12
rm ocspSigningCert.p12
12. Set the trust bits on the public/private key pairs that were imported into the new HSM.
certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_CA_instance" -t "cu,cu,cu" -d . -h new_HSM_token_name
certutil -M -n "new_HSM_slot_name:caSigningCert cert-old_CA_instance" -t "CTu,CTu,CTu" -d . -h new_HSM_token_name
certutil -M -n "new_HSM_slot_name:ocspSigningCert cert-old_CA_instance" -t "CTu,Cu,Cu" -d . -h new_HSM_token_name
13. Open the CS.cfg configuration file in the /var/lib/instance_ID/conf/ directory.
14. Edit the ca.signing.cacertnickname and ca.ocsp_cacertnickname attributes to reflect the 7.3 CA instance.
ca.signing.cacertnickname=new_HSM_slot_name:caSigningCert cert-old_CA_instance
ca.ocsp_signing.cacertnickname=new_HSM_slot_name:ocspSigningCert cert-old_CA_instance
15. If there is CA-DRM connectivity, then also modify the ca.connector.KRA.nickname attribute.
ca.connector.KRA.nickname=new_HSM_slot_name:caSigningCert cert-old_CA_instance
16. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
new_HSM_slot_name:Server-Cert cert-old_CA_instance
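
The following check is an added example, not part of the original guide: it reads the files edited in steps 14 to 16 and reports any nickname that is missing or does not carry the HSM token prefix. The function names are hypothetical, the file paths and token name are supplied by the caller, the OCSP attribute name is the one shown in the configuration line above, and the script only inspects the text files, it does not query the HSM.

```shell
#!/bin/sh
# Added example: verify that the nicknames edited in steps 14-16 all use
# the "token:nickname" form. Paths and token name come from the caller.

# get_attr FILE KEY -> prints the value of KEY=value (last occurrence wins)
get_attr() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# check_nick LABEL VALUE TOKEN -> 0 if VALUE is "TOKEN:<non-empty nickname>"
check_nick() {
    case "$2" in
        "$3":?*) return 0 ;;
        "")      echo "MISSING  $1" ;;
        *)       echo "NO-TOKEN $1=$2" ;;
    esac
    return 1
}

# check_migrated_nicknames CS_CFG SERVERCERTNICK_CONF TOKEN
# Returns the number of problems found (0 means all nicknames are consistent).
check_migrated_nicknames() {
    cfg=$1 nickfile=$2 token=$3 bad=0
    for key in ca.signing.cacertnickname ca.ocsp_signing.cacertnickname; do
        check_nick "$key" "$(get_attr "$cfg" "$key")" "$token" || bad=$((bad + 1))
    done
    # Step 15 applies only when a CA-DRM connector is configured.
    kra=$(get_attr "$cfg" ca.connector.KRA.nickname)
    if [ -n "$kra" ]; then
        check_nick ca.connector.KRA.nickname "$kra" "$token" || bad=$((bad + 1))
    fi
    # serverCertNick.conf holds the server certificate nickname on one line.
    srv=$(sed -n '1p' "$nickfile" | tr -d '\r')
    check_nick serverCertNick.conf "$srv" "$token" || bad=$((bad + 1))
    return "$bad"
}

# Command-line use: script.sh CS.cfg serverCertNick.conf new_HSM_slot_name
if [ "$#" -eq 3 ]; then
    check_migrated_nicknames "$@"
fi
```

The trust attributes set in step 12 can be reviewed separately with `certutil -L -d . -h new_HSM_token_name`, which lists each certificate on the token with its trust flags.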

2. Data Recovery Manager (DRM) Migration

Determine if the migration to be performed involves software security databases, an HSM, or
both, and follow the appropriate process for the deployment scenario being migrated.
Section 2.1, "Option 1: Security Databases to Security Databases Migration"
