Red Hat CERTIFICATE SYSTEM 7.0 - MIGRATION GUIDE Manual page 56

Chapter 5. Step 4: Migrating Security Databases
1. Remove all the security databases in the new Certificate System which will receive migrated
data.
rm /var/lib/instance_ID/alias/cert8.db
rm /var/lib/instance_ID/alias/key3.db
2. Log into the 7.x server as the Certificate System user for that machine.
3. Migrate the master key from the 7.x TKS instance. (Depending on your installation, there may
not be any master key information stored in the 7.x TKS instance.)
a. Open the configuration file for the 7.x server instance being migrated.
• If the migration is from Certificate Management System 7.0, open the
directory.
config
• If the migration is from Certificate System 7.1, open the
System
config
• If the migration is from Certificate System 7.2, open the
System
/var/lib/
b. Write down the exact value for the
tks.mk_mappings.#tks_master_key_version_number#01=internal:tks_master_key_version_name
A
tks.mk_mappings
tks.mk_mappings.#02#01=internal:tks_master_key_v2
In this example,
02
tks_master_key_version_name.
4. Migrate symmetric keys from a 7.x TKS instance. Two things are necessary:
• A written copy of the original three session key shares to reproduce the symmetric
transport key on the 7.x TKS instance.
• Copies of all files (there is at least one) containing the wrapped master keys for the 7.x
security database; for example,
NOTE
These files are created whenever the user generates a new master key using the
tksTool -W
50
directory.
instance_ID directory.
/conf
tks.mk_mappings.
value looks like the following example:
is the tks_master_key_version_ number, and tks_master_key_v2 is the
tks_master_key_v2.txt
option.
CMS.cfg
file in the Certificate
CS.cfg
file in the Certificate
CS.cfg
line.
.
in the