Chapter 7. Step 4: Migrating Security
Databases
For every Certificate System subsystem instance migration, the data from the old Certificate System's certificate
(cert7.db or cert8.db) and key (key3.db) security databases must be extracted and copied into the new Certificate
System's alias/ directory. Follow the migration procedure corresponding to the Certificate System being migrated.
•
Section 1, "Certificate Management System 4.1 Certificate Authority (CA) Migration"
•
Section 2, "Certificate Management System 4.2"
•
Section 3, "Netscape Certificate Management System 4.2 (SP 2) and 4.5 and iPlanet Certificate Management System
4.7"
•
Section 4, "Certificate Management System 6.0"
•
Section 5, "Certificate Management System 6.1 and 6.2"
•
Section 6, "Certificate Management System 7.0 and Certificate System 7.1"
1. Certificate Management System 4.1 Certificate
Authority (CA) Migration
Determine if the Certificate Management System 4.1 Certificate Authority (CA) being migrated uses security databases,
HSM, or both. There are four possible migration scenarios; follow the appropriate process for the deployment scenario be-
ing migrated.
•
Section 1.1, "Case I: Security Databases to Security Databases Migration"
•
Section 1.2, "Case II: Security Databases to HSM Migration"
•
Section 1.3, "Case III: HSM to Security Databases Migration"
•
Section 1.4, "Case IV: HSM to HSM Migration"
1.1. Case I: Security Databases to Security Databases Mi-
gration
1.
Remove all the security databases in the new Certificate System which will receive migrated data.
rm /var/lib/instance_ID/alias/cert8.db
rm /var/lib/instance_ID/alias/key3.db
2.
Copy the certificate and key security databases from the old server to the new server.
cp old_server_root/cert-old_CA_instance/config/cert-old_CA_instance-cert7.db
/var/lib/instance_ID/alias/cert7.db
cp old_server_root/cert-old_CA_instance/config/cert-old_CA_instance-key3.db
/var/lib/instance_ID/alias/key3.db
3.
As the Certificate System user account, open the new Certificate System alias/ directory.
cd /var/lib/instance_ID/alias/
12
Chapter 7. Step 4: Migrating Security