Step 7: Customizing User Data (Non-Console) - Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual

Chapter 10. Step 7: Customizing User Data (Non-Console)

Copy all customized plug-ins, profiles, and forms to the new Certificate System, and apply any hand-edited changes to the new Certificate System CS.cfg file.

For example, if the profile configuration in the old_CA_instance has been changed to enable S/MIME support, make the same changes to the new_CA_instance.

In the old Certificate System, S/MIME support is enabled by editing the caTokenUserEncryptionKeyEnrollment profile. Migrate these changes over to the new_CA_instance simply by duplicating the configuration.

1. Log into the old server as the Certificate System user for that machine, and open the Certificate System profiles/ca/ directory.

2. Copy the p1 policy set in the caTokenUserEncryptionKeyEnrollment.cfg file, as shown:

policyset.set1.p1.constraint.class_id=noConstraintImpl
policyset.set1.p1.constraint.name=No Constraint
policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl
policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault
policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, OU=Engineering,O=Example
policyset.set1.p1.default.params.ldap.enable=true
policyset.set1.p1.default.params.ldap.searchName=uid
policyset.set1.p1.default.params.ldapStringAttributes=uid,mail
policyset.set1.p1.default.params.ldap.basedn=dc=example,dc=com
policyset.set1.p1.default.params.ldap.maxConns=4
policyset.set1.p1.default.params.ldap.minConns=1
policyset.set1.p1.default.params.ldap.ldapconn.Version=2
policyset.set1.p1.default.params.ldap.ldapconn.host=ldaphostA.example.com
policyset.set1.p1.default.params.ldap.ldapconn.port=389
policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false

The above configuration would enable S/MIME support for services that use this profile for obtaining certificates, such as the token management systems.

3. Log into the new server as the Certificate System user, and open the Certificate System profiles/ca/ directory.

4. Manually change the configuration in the new_CA_instance to mimic the old_CA_instance configuration by editing the p1 policy set in the caTokenUserEncryptionKeyEnrollment.cfg file, as shown:

policyset.set1.p1.constraint.class_id=noConstraintImpl
policyset.set1.p1.constraint.name=No Constraint
policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl
policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault
policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, OU=Engineering, O=Example
policyset.set1.p1.default.params.ldap.enable=true
policyset.set1.p1.default.params.ldap.searchName=uid
policyset.set1.p1.default.params.ldapStringAttributes=uid,mail
policyset.set1.p1.default.params.ldap.basedn=dc=example,dc=com
policyset.set1.p1.default.params.ldap.maxConns=4
policyset.set1.p1.default.params.ldap.minConns=1
policyset.set1.p1.default.params.ldap.ldapconn.Version=2
policyset.set1.p1.default.params.ldap.ldapconn.host=ldaphostA.example.com
policyset.set1.p1.default.params.ldap.ldapconn.port=389
policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false

The altered profile is now able to serve certificate requests with S/MIME support enabled.
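
A way to verify the hand migration in steps 1 to 4, added here as an example (it is not part of the Red Hat guide or of Certificate System): it compares the p1 policy set of the old and new profile files key by key and reports when the profile's LDAP lookup is enabled with secureConn=false. The function names and the embedded sample files are constructed for illustration.

```python
"""Compare the p1 policy set of two Certificate System profile files."""

PREFIX = "policyset.set1.p1."

# Constructed sample input modelled on the listings above (not real server files).
OLD_CFG = """\
policyset.set1.p1.constraint.class_id=noConstraintImpl
policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl
policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, OU=Engineering, O=Example
policyset.set1.p1.default.params.ldap.enable=true
policyset.set1.p1.default.params.ldap.ldapconn.port=389
policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false
"""
# Constructed "new" file in which two hand edits have not been migrated yet.
NEW_CFG = OLD_CFG.replace("ldap.enable=true", "ldap.enable=false").replace(
    ", OU=Engineering, O=Example", "")


def parse_policy_set(text, prefix=PREFIX):
    """Return {key: value} for every non-comment line under prefix."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or not line.startswith(prefix):
            continue
        # Split on the first '=' only: values such as dnpattern contain '='.
        key, _, value = line.partition("=")
        params[key[len(prefix):]] = value
    return params


def diff_policy_sets(old, new):
    """List (key, old_value, new_value) for keys that differ; None = absent."""
    return [(k, old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)]


def plaintext_ldap(params):
    """True when the profile's LDAP lookup is enabled with secureConn=false."""
    return (params.get("default.params.ldap.enable") == "true"
            and params.get("default.params.ldap.ldapconn.secureConn") == "false")


if __name__ == "__main__":
    old, new = parse_policy_set(OLD_CFG), parse_policy_set(NEW_CFG)
    for key, was, now in diff_policy_sets(old, new):
        print(f"MISMATCH {key}: old={was!r} new={now!r}")
    if plaintext_ldap(old):
        print("NOTE old profile queries LDAP with secureConn=false")
```

On real instances, pass the contents of each server's profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg to parse_policy_set in place of the embedded samples; an empty diff means the p1 policy set was duplicated exactly.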