Table of Contents
Advertisement
Chapter 5. Step 4: Migrating Security Databases
kra.storageUnit.nickname=new_HSM_slot_name:kraStorageCert
cert-old_DRM_instance
kra.transportUnit.nickname=new_HSM_slot_name:kraTransportCert
cert-old_DRM_instance
NOTE
The
caSigningCert
22. I n the same directory, edit the
nickname. For example:
new_HSM_slot_name:Server-Cert cert-old_DRM_instance
2.3. Option 3: HSM to Security Databases Migration
1. Extract the public/private key pairs from the HSM. The format for the extracted key pairs
should be portable, such as a PKCS #12 file.
The
tool provided by Certificate System cannot extract public/private key pairs
pk12util
from an HSM because of requirements in the FIPS 140-1 standard which protect the private
key. To extract this information, contact the HSM vendor. The extracted keys should not have
any dependencies, such as nickname prefixes, on the HSM.
2. Copy the extracted key pairs from the 6.x server to the 7.3 server.
cp old_server_root/alias/ServerCert.p12
/var/lib/instance_ID/alias/ServerCert.p12
cp old_server_root/alias/kraStorageCert.p12
/var/lib/instance_ID/alias/kraStorageCert.p12
cp old_server_root/alias/kraTransportCert.p12
/var/lib/instance_ID/alias/kraTransportCert.p12
3. Extract the public key of the CA signing certificate from the old security databases and save
the base-64 encoded output to a file called
a. Open the Certificate Management System 6.x
cd old_server_root/alias
30
is not referenced in the
serverCertNick.conf
caSigningCert.b64
/alias
file.
CS.cfg
file to contain the old certificate
.
directory.
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 6.0 - MIGRATION GUIDE and is the answer not in the manual?
Questions and answers