Case Ii: Security Databases To Hsm Migration - Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual

caSigningCert cert-old_DRM_instance CT,c,
kraStorageCert cert-old_DRM_instance u,u,u
kraTransportCert cert-old_DRM_instance u,u,u
NOTE
The certificate database is automatically converted from cert7.db to cert8.db.
7. Remove the cert7.db database from the alias/ directory.
rm cert7.db
8. Open the CS.cfg configuration file.
cd /var/lib/instance_ID/conf/
vi CS.cfg
9. Edit the kra.storageUnit.nickname and kra.transportUnit.nickname attributes to reflect the new
DRM information.
kra.storageUnit.nickname=
kraStorageCert cert-old_DRM_instance
kra.transportUnit.nickname=
kraTransportCert cert-old_DRM_instance
NOTE
The caSigningCert is not referenced in the CS.cfg file.
10. In the same directory, edit the serverCertNick.conf file to contain the old certificate nickname. For example:
vi serverCertNick.conf
Server-Cert cert-old_DRM_instance

4.2.2. Case II: Security Databases to HSM Migration

1. Remove all the security databases in the new Certificate System which will receive migrated data.
rm /var/lib/instance_ID/alias/cert8.db
rm /var/lib/instance_ID/alias/key3.db
2. Copy the certificate and key security databases from the old server to the new server.
cp old_server_root/alias/cert-old_DRM_instance-cert7.db
/var/lib/instance_ID/alias/cert7.db
cp old_server_root/alias/cert-old_DRM_instance-key3.db
/var/lib/instance_ID/alias/key3.db
3. Log into the new server as the Certificate System user, and open the Certificate System alias/ directory.
cd /var/lib/instance_ID/alias/
4. Log in as root, and set the file user and group to the Certificate System user and group.
4.2. 6.0 Data Recovery Manager
(DRM) Migration
Databases