pk12util: PKCS12 IMPORT SUCCESSFUL
pk12util -i caSigningCert.p12 -d . -h new_HSM_slot_name
Enter Password or Pin for "new_HSM_slot_name":********
Enter password for PKCS12 file: ********
pk12util: PKCS12 IMPORT SUCCESSFUL
9.
Optionally, delete the PKCS #12 files.
rm ServerCert.p12
rm caSigningCert.p12
10. Set the trust bits on the public/private key pairs that were imported into the new HSM.
certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_CA_instance"
-t "cu,cu,cu" -d . -h new_HSM_token_name
certutil -M -n "new_HSM_slot_name:caSigningCert cert-old_CA_instance"
-t "CTu,CTu,CTu" -d . -h new_HSM_token_name
11. Open the new CA instance CS.cfg configuration file.
cd /var/lib/instance_ID/conf/
12. Edit the ca.signing.cacertnickname and ca.ocsp_signing.cacertnickname attributes to reflect
the new HSM information.
ca.signing.cacertnickname=
new_HSM_slot_name:caSigningCert cert-old_CA_instance
ca.ocsp_signing.cacertnickname=
new_HSM_slot_name:caSigningCert cert-old_CA_instance
13. If there is CA-DRM connectivity, then also modify the ca.connector.KRA.nickname.
ca.connector.KRA.nickname=new_HSM_slot_name:caSigningCert cert-old_CA_instance
14. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
vi serverCertNick.conf
new_HSM_slot_name:Server-Cert cert-old_CA_instance
2.2. 4.2 Data Recovery Manager (DRM) Migration
Determine if the Certificate Management System 4.2 Data Recovery Manager (DRM) being migrated uses security data-
bases, HSM, or both. There are four possible migration scenarios; follow the appropriate process for the deployment scen-
ario being migrated.
•
Section 2.2.1, "Case I: Security Databases to Security Databases Migration"
•
Section 2.2.2, "Case II: Security Databases to HSM Migration"
•
Section 2.2.3, "Case III: HSM to Security Databases Migration"
•
Section 2.2.4, "Case IV: HSM to HSM Migration"
2.2.1. Case I: Security Databases to Security Databases Migration
2.2. 4.2 Data Recovery Manager
(DRM) Migration
26
Chapter 7. Step 4: Migrating Security