Case II: Security Databases To HSM Migration - Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual


DRM instance.
kra.storageUnit.nickname=kraStorageCert cert-old_DRM_instance
kra.transportUnit.nickname=kraTransportCert cert-old_DRM_instance
NOTE
The caSigningCert is not referenced in the CS.cfg for the DRM instance.
10. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
vi serverCertNick.conf
Server-Cert cert-old_DRM_instance

2.2.2. Case II: Security Databases to HSM Migration

1. Remove all the security databases in the new Certificate System which will receive migrated data.
rm /var/lib/instance_ID/alias/cert8.db
rm /var/lib/instance_ID/alias/key3.db
2. Copy the certificate and key security databases from the old server to the new server.
cp old_server_root/cert-old_DRM_instance/config/cert-old_DRM_instance-cert7.db /var/lib/instance_ID/alias/cert7.db
cp old_server_root/cert-old_DRM_instance/config/cert-old_DRM_instance-key3.db /var/lib/instance_ID/alias/key3.db
3. Log into the new server as the Certificate System user, and open the alias/ directory.
cd /var/lib/instance_ID/alias/
4. Log in as root, and set the file user and group to the Certificate System user and group.
su
chown user:group cert7.db
chown user:group key3.db
5. Log out as root. As the Certificate System user, set the file permissions on the databases.
chmod 00600 cert7.db
chmod 00600 key3.db
6. Use the certutil tool to list all of the old Certificate Management System certificates. In this example, -L lists the certificates, and -X forces the key and certificate databases to be opened read/write.
certutil -L -X -d .
Server-Cert cert-old_DRM_instance cu,cu,cu
caSigningCert cert-old_DRM_instance cT,c,
kraStorageCert cert-old_DRM_instance u,u,u
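
A pre-flight check for steps 4 and 5, written as an added example that is not part of the Red Hat guide: the hypothetical helper check_migrated_dbs confirms that cert7.db and key3.db are regular files with mode 600 and the expected owner and group before certutil opens them read/write. It assumes GNU stat; the directory, user and group arguments are the same placeholders used in the steps above.

```shell
#!/bin/sh
# Added example; check_migrated_dbs is a hypothetical helper, not a
# Certificate System tool. Assumes GNU coreutils stat (-c FORMAT).
#
# Usage: check_migrated_dbs ALIAS_DIR CS_USER CS_GROUP
# Returns 0 only if cert7.db and key3.db in ALIAS_DIR are regular files
# (not symlinks), owned by CS_USER:CS_GROUP, with mode 600.
check_migrated_dbs() {
    dir=$1
    want_user=$2
    want_group=$3
    rc=0
    for name in cert7.db key3.db; do
        f=$dir/$name
        # A symlink could point the server at a database stored elsewhere.
        if [ -L "$f" ]; then
            echo "FAIL $name: symbolic link" >&2
            rc=1
            continue
        fi
        if [ ! -f "$f" ]; then
            echo "FAIL $name: missing or not a regular file" >&2
            rc=1
            continue
        fi
        mode=$(stat -c %a "$f")    # octal permission bits, e.g. 600
        owner=$(stat -c %U "$f")   # owner name
        group=$(stat -c %G "$f")   # group name
        if [ "$mode" != 600 ]; then
            echo "FAIL $name: mode $mode, expected 600" >&2
            rc=1
        fi
        if [ "$owner" != "$want_user" ] || [ "$group" != "$want_group" ]; then
            echo "FAIL $name: owner $owner:$group, expected $want_user:$want_group" >&2
            rc=1
        fi
    done
    return $rc
}

# Example call, using the placeholders from the steps above:
#   check_migrated_dbs /var/lib/instance_ID/alias user group \
#       && certutil -L -X -d /var/lib/instance_ID/alias
```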
2.2. 4.2 Data Recovery Manager (DRM) Migration
