Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual page 110


rm /var/lib/instance_ID/alias/cert8.db
rm /var/lib/instance_ID/alias/key3.db
2. Copy the certificate and key security databases from the old server to the new server.
cp old_server_root/alias/cert-old_OCSP_instance-cert8.db /var/lib/instance_ID/alias/cert8.db
cp old_server_root/alias/cert-old_OCSP_instance-key3.db /var/lib/instance_ID/alias/key3.db
3. Log into the new server as the Certificate System user, and open the Certificate System alias/ directory.
cd /var/lib/instance_ID/alias/
4. Log in as root, and set the file user and group to the Certificate System user and group.
su
chown user:group cert8.db
chown user:group key3.db
5. Log out as root. As the Certificate System user, set the file permissions.
chmod 00600 cert8.db
chmod 00600 key3.db
6. List the certificates in the security databases using the certutil command. In this example, -L lists the certificates.
certutil -L -d .
Server-Cert cert-old_OCSP_instance cu,cu,cu
caSigningCert cert-old_OCSP_instance CT,c,
ocspSigningCert cert-old_OCSP_instance cu,cu,cu
7. Open the CS.cfg configuration file.
cd /var/lib/instance_ID/conf/
vi CS.cfg
8. Edit the ocsp.signing.certnickname attribute to reflect the new OCSP instance.
ocsp.signing.certnickname=ocspSigningCert cert-old_OCSP_instance
NOTE
The caSigningCert is not referenced in the CS.cfg file.
9. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
5.3. 6.1 and 6.2 Online Certificate Status Protocol Manager (OCSP) Databases
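A post-migration check for steps 2 through 8 above, added here as an example and not taken from the Red Hat guide: it confirms that cert8.db and key3.db are mode 600 and that the nickname set in ocsp.signing.certnickname appears in the certificate listing. The function names are hypothetical, the sample files are constructed, and the listing is assumed to be the saved output of `certutil -L -d .` rather than a live certutil call.

```shell
# Added example: post-migration checks for the OCSP alias/ and conf/ files.

mode_is_600() {  # true only if $1 is a regular file with mode exactly 600
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

cfg_nickname() {  # print the ocsp.signing.certnickname value from CS.cfg ($1)
    sed -n 's/^ocsp\.signing\.certnickname=//p' "$1" | head -n 1
}

nickname_in_listing() {  # $1 = nickname, $2 = saved output of `certutil -L -d .`
    awk -v want="$1" '
        { line = $0
          # strip the trailing trust-flags column, e.g. "cu,cu,cu" or "CT,c,"
          sub(/[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/, "", line)
          if (line == want) found = 1 }
        END { exit !found }' "$2"
}

check_migration() {  # $1 = alias dir, $2 = CS.cfg, $3 = certutil listing file
    rc=0
    for db in cert8.db key3.db; do
        mode_is_600 "$1/$db" || { echo "FAIL: $1/$db is not mode 600"; rc=1; }
    done
    nick=$(cfg_nickname "$2")
    if [ -z "$nick" ]; then
        echo "FAIL: ocsp.signing.certnickname is not set in $2"; rc=1
    elif ! nickname_in_listing "$nick" "$3"; then
        echo "FAIL: '$nick' is not in the certificate database"; rc=1
    fi
    return "$rc"
}

make_sample() {  # constructed sample layout in a temp dir (hypothetical helper)
    d=$(mktemp -d)
    mkdir "$d/alias" "$d/conf"
    : > "$d/alias/cert8.db"; : > "$d/alias/key3.db"
    chmod 600 "$d/alias/cert8.db" "$d/alias/key3.db"
    echo 'ocsp.signing.certnickname=ocspSigningCert cert-old_OCSP_instance' \
        > "$d/conf/CS.cfg"
    printf '%s\n' 'Server-Cert cert-old_OCSP_instance cu,cu,cu' \
        'caSigningCert cert-old_OCSP_instance CT,c,' \
        'ocspSigningCert cert-old_OCSP_instance cu,cu,cu' > "$d/certs.txt"
    echo "$d"
}

s=$(make_sample)
check_migration "$s/alias" "$s/conf/CS.cfg" "$s/certs.txt" && echo "sample: OK"
rm -rf "$s"
```

On a migrated instance, save the listing with `certutil -L -d . > certs.txt` from the alias/ directory and pass that file as the third argument.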
