Case Ii: Security Databases To Hsm Migration - Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual

4. Log in as root, and set the file user and group to the Certificate System user and group.
su
chown user:group cert7.db
chown user:group key3.db
5. Log out as root. As the Certificate System user, set the permissions on the security database files.
chmod 00600 cert7.db
chmod 00600 key3.db
6. Use the certutil tool to list all of the old Certificate System certificates. In this example, -L lists the certificates,
and -X forces them to be read/write.
certutil -L -X -d .
Server-Cert cert-old_CA_instance cu,cu,cu
caSigningCert cert-old_CA_instance cu,cu,cu
NOTE
The certificate database is automatically converted from cert7.db to cert8.db.
7. Remove the cert7.db file from the alias/ directory.
rm cert7.db
8. Open the CS.cfg configuration file in the CA instance directory.
cd /var/lib/instance_ID/conf
vi CS.cfg
9. Modify the values for the ca.signing.cacertnickname and ca.ocsp_signing.cacertnickname at-
tributes to reflect the new CA instance.
ca.signing.cacertnickname=
caSigningCert cert-old_CA_instance
ca.ocsp_signing.cacertnickname=
caSigningCert cert-old_CA_instance
10. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
vi serverCertNick.conf
Server-Cert cert-old_CA_instance

1.2. Case II: Security Databases to HSM Migration

1. Remove all the security databases in the new Certificate System which will receive migrated data.
rm /var/lib/instance_ID/alias/cert8.db
1.2. Case II: Security Databases to
HSM Migration
13 Chapter 7. Step 4: Migrating Security