Red Hat CERTIFICATE SYSTEM 6.0 - MIGRATION GUIDE Manual page 42

Chapter 5. Step 4: Migrating Security Databases
13. Set the trust bits on the public/private key pairs that were imported into the new HSM.
certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_DRM_instance" -t "cu,cu,cu" -d . -h new_HSM_token_name
certutil -M -n "new_HSM_slot_name:kraStorageCert cert-old_DRM_instance" -t "u,u,u" -d . -h new_HSM_token_name
certutil -M -n "new_HSM_slot_name:kraTransportCert cert-old_DRM_instance" -t "u,u,u" -d . -h new_HSM_token_name
14. Import the public key from the base-64 file into the new HSM, and set the trust bits.
certutil -A -n "new_HSM_slot_name:caSigningCert cert-old_DRM_instance" -t "CT,c," -d . -h new_HSM_token_name -i caSigningCert.b64
15. Optionally, delete the base-64 file.
rm caSigningCert.b64
16. Open the CS.cfg configuration file in the /var/lib/instance_ID/conf/ directory.
17. Edit the kra.storageUnit.nickname and kra.transportUnit.nickname attributes to reflect the 7.3 DRM information.
kra.storageUnit.nickname=new_HSM_slot_name:kraStorageCert cert-old_DRM_instance
kra.transportUnit.nickname=new_HSM_slot_name:kraTransportCert cert-old_DRM_instance
NOTE
The caSigningCert is not referenced in the CS.cfg file.
18. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
new_HSM_slot_name:Server-Cert cert-old_DRM_instance
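
A check for the edits in steps 16 to 18, added here as an example and not part of the Red Hat guide: it confirms that CS.cfg and serverCertNick.conf carry exactly the token-prefixed nicknames shown above, each on a single line. The function name and arguments are hypothetical, and it assumes serverCertNick.conf holds only the nickname.

```shell
#!/bin/sh
# Added example: verify the nickname edits from steps 16-18.
# check_nicknames CONF_DIR SLOT OLD_INSTANCE
#   CONF_DIR      instance configuration directory (/var/lib/instance_ID/conf)
#   SLOT          value the guide writes as new_HSM_slot_name
#   OLD_INSTANCE  value the guide writes as old_DRM_instance
# Returns 0 if all three nicknames match, 1 on a mismatch, 2 if a file is unreadable.
check_nicknames() {
    conf_dir=$1 slot=$2 inst=$3
    cfg="$conf_dir/CS.cfg"
    nickfile="$conf_dir/serverCertNick.conf"
    rc=0

    [ -r "$cfg" ] && [ -r "$nickfile" ] || {
        echo "cannot read $cfg or $nickfile" >&2
        return 2
    }

    # Each key must appear exactly once, with the whole value on one line.
    for want in \
        "kra.storageUnit.nickname=$slot:kraStorageCert cert-$inst" \
        "kra.transportUnit.nickname=$slot:kraTransportCert cert-$inst"
    do
        key=${want%%=*}
        if ! awk -v k="$key=" -v want="$want" '
                index($0, k) == 1 { n++; if ($0 == want) ok = 1 }
                END { exit !(n == 1 && ok) }' "$cfg"
        then
            echo "CS.cfg: expected exactly one line: $want" >&2
            rc=1
        fi
    done

    # Assumption: serverCertNick.conf holds only the nickname, on one line.
    want="$slot:Server-Cert cert-$inst"
    if ! awk -v want="$want" '
            NF { n++; if ($0 == want) ok = 1 }
            END { exit !(n == 1 && ok) }' "$nickfile"
    then
        echo "serverCertNick.conf: expected only: $want" >&2
        rc=1
    fi
    return $rc
}

# Run the check when called as: sh check_nicknames.sh CONF_DIR SLOT OLD_INSTANCE
if [ $# -eq 3 ]; then check_nicknames "$@"; fi
```

A value that was pasted with the guide's line wrap intact (the cert-old_DRM_instance part on its own line) fails the exact-match test and is reported.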
