Red Hat CERTIFICATE SYSTEM 6.0 - MIGRATION GUIDE Manual page 46

Chapter 5. Step 4: Migrating Security Databases
# chown user:group cert8.db
# chown user:group key3.db
6. Log out as , and log back into the system as the Certificate System user.
root
7. Set the file permissions.
chmod 00600 cert8.db
chmod 00600 key3.db
8. List the certificates in the old security databases using the
certificates.
certutil -L -d .
Server-Cert cert-old_OCSP_instance cu,cu,cu
caSigningCert cert-old_OCSP_instance CT,c,
ocspSigningCert cert-old_OCSP_instance cu,cu,cu
NOTE
For Certificate Management System version 6.0x, the certificate database is
automatically converted from
9. Export the public/private key pairs of each entry in the Certificate System databases using
the tool;
pk12util -o
certificate and the old database prefix.
pk12util -o ServerCert.p12 -n "Server-Cert cert-old_OCSP_instance" -d .
Enter Password or Pin for "NSS Certificate DB":********
Enter password for PKCS12 file: ********
Re-enter password: ********
pk12util: PKCS12 EXPORT SUCCESSFUL
pk12util -o ocspSigningCert.p12 -n "ocspSigningCert cert-old_OCSP_instance"
-d .
Enter Password or Pin for "NSS Certificate DB":********
Enter password for PKCS12 file: ********
Re-enter password: ********
pk12util: PKCS12 EXPORT SUCCESSFUL
40
cert7.db
exports the key pairs to a PKCS #12 file, and
command;
certutil
to .
cert8.db
sets the name of the
-n
lists the
-L