Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Manual page 78
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE:
- Administration manual (512 pages) ,
- Manual (108 pages) ,
- Reference manual (337 pages)
Table of Contents
Advertisement
su
chown user:group cert7.db
chown user:group key3.db
5.
Log out as root. As the Certificate System user, set the file permissions.
chmod 00600 cert7.db
chmod 00600 key3.db
6.
Use the certutil tool to list all of the old Certificate System certificates. In this example, -L lists the certificates,
and -X forces them to be read/write.
certutil -L -X -d .
Server-Cert cert-old_DRM_instance cu,cu,cu
caSigningCert cert-old_DRM_instance cT,c,
kraStorageCert cert-old_DRM_instance u,u,u
kraTransportCert cert-old_DRM_instance u,u,u
NOTE
The certificate database is automatically converted from cert7.db to cert8.db.
7.
Export the public/private key pairs of each entry in the Certificate System databases using the pk12util tool; -o
exports the key pairs to a PKCS #12 file, and -n sets the name of the certificate and the old database prefix.
pk12util -o ServerCert.p12 -n "Server-Cert cert-old_DRM_instance" -d .
Enter Password or Pin for "NSS Certificate DB":********
Enter password for PKCS12 file: ********
Re-enter password: ********
pk12util: PKCS12 EXPORT SUCCESSFUL
pk12util -o kraStorageCert.p12 -n "kraStorageCert cert-old_DRM_instance" -d .
Enter Password or Pin for "NSS Certificate DB":********
Enter password for PKCS12 file: ********
Re-enter password: ********
pk12util: PKCS12 EXPORT SUCCESSFUL
pk12util -o kraTransportCert.p12 -n "kraTransportCert cert-old_DRM_instance" -d .
Enter Password or Pin for "NSS Certificate DB":********
Enter password for PKCS12 file: ********
Re-enter password: ********
pk12util: PKCS12 EXPORT SUCCESSFUL
NOTE
The old security databases may contain additional public/private key pairs; these can also be extracted using
pk12util.
8.
Export the public/private key pairs of each entry in the Certificate System databases using the certutil tool; -L
lists the named certificate, -n sets the name of the file and the old prefix, and -a saves the output to a base-64 file.
certutil -L -n "caSigningCert cert-old_DRM_instance" -d . -a > caSigningCert.b64
NOTE
4.2. 6.0 Data Recovery Manager
(DRM) Migration
Databases
Advertisement
Chapters
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
Related Products for Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
- Red Hat CERTIFICATE 7.2 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 7.1 - ADMINSISTRATOR
- Red Hat CERTIFICATE 7.3 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT
- Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE
- Red Hat CERTIFICATE 8.0 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
- Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE
- Red Hat CLUSTER SUITE - CONFIGURING AND MANAGING A CLUSTER 2006
- Red Hat CLUSTER MANAGER - INSTALLATION AND
- Red Hat Cluster Suite
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE and is the answer not in the manual?
Questions and answers