cd /var/lib/instance_ID/alias/
b. Generate the new master key. For example:
tksTool -M -n new_master -d /var/lib/rhpki-tks/alias -h token_name
Generating a new master key on the TKS is described in more detail in Section 9.2, "Using Master Keys".
3. Open the TKS's configuration file.
vi /etc/rhpki-tks/CS.cfg
4. Map the new master key's identifier, 02, to its PKCS #11 object nickname in the TKS's CS.cfg
file by adding the tks.mk_mappings.#02#01 and tks.defKeySet.mk_mappings.#02#01
parameters.
tks.mk_mappings.#02#01=token_name:nickname
tks.defKeySet.mk_mappings.#02#01=token_name:nickname
The values for the token_name and nickname follow the parameters outlined in Table 8.13, "TKS Configuration Parameters for Key Update".
Mapping master keys in the TKS configuration is described in more detail in Section 9.3, "Configuring the TKS to Associate the Master Key with Its Version".
5. Start the TKS instance.
/etc/init.d/rhpki-tks start
6. Stop the TPS instance to edit its configuration.
/etc/init.d/rhpki-tps stop
7. Edit the TPS's configuration file.
vi /etc/rhpki-tps/CS.cfg
8. Change the symmetricKeys.enable and requiredVersion parameters to use the newly-generated master keys on the TKS. For example:
op.operation_type.update.symmetricKeys.enable=true
op.operation_type.userKey.update.symmetricKeys.requiredVersion=2
• For the enroll operation, the lines begin with op.enroll.
• For the format operation, the lines begin with op.format.
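As an added example (not part of the manual), the shell function below checks that the master key mapped in step 4 and the requiredVersion set in step 8 agree before the instances are put back into service. It assumes that key identifier 02 corresponds to requiredVersion=2, that both mappings carry the same token_name:nickname value as in step 4, and that the TPS lines begin with op.enroll. or op.format.; the function names and the sample files are constructed for illustration.

```shell
# Added example (not from the manual): compare TKS and TPS CS.cfg copies after a changeover.
# cfg_get FILE KEY: print the value of an exact key from a key=value file.
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

# check_changeover TKS_CFG TPS_CFG KEY_ID   (KEY_ID as in the mapping name, e.g. 02)
# Prints one line per problem; exit status is 0 only when nothing was found.
check_changeover() (
    tks=$1; tps=$2; id=$3; rc=0; first=; seen=0
    want=${id#0}                      # "02" -> "2", the form requiredVersion uses
    for key in "tks.mk_mappings.#${id}#01" "tks.defKeySet.mk_mappings.#${id}#01"; do
        val=$(cfg_get "$tks" "$key")
        case $val in
            ?*:?*) ;;                 # token_name:nickname, both parts non-empty
            '') echo "TKS: $key is missing"; rc=1 ;;
            *)  echo "TKS: $key is not token_name:nickname"; rc=1 ;;
        esac
        [ -n "$first" ] || first=$val
        [ "$val" = "$first" ] || { echo "TKS: the two mappings differ"; rc=1; }
    done
    for op in enroll format; do
        pat="^op\.$op\..*update\.symmetricKeys"
        vers=$(grep -E "$pat\.requiredVersion=" "$tps" | cut -d= -f2-)
        [ -n "$vers" ] || continue    # this operation was not switched to a new version
        seen=1
        for v in $vers; do
            [ "$v" = "$want" ] || { echo "TPS: op.$op requires version $v, TKS maps $want"; rc=1; }
        done
        grep -Eq "$pat\.enable=true\$" "$tps" || { echo "TPS: op.$op key update not enabled"; rc=1; }
    done
    [ "$seen" -eq 1 ] || { echo "TPS: no requiredVersion set for enroll or format"; rc=1; }
    exit "$rc"
)

# Demo on constructed sample files: the TPS still asks for version 1.
demo_dir=$(mktemp -d)
printf '%s\n' 'tks.mk_mappings.#02#01=token_name:nickname' \
    'tks.defKeySet.mk_mappings.#02#01=token_name:nickname' > "$demo_dir/tks.cfg"
printf '%s\n' 'op.enroll.userKey.update.symmetricKeys.enable=true' \
    'op.enroll.userKey.update.symmetricKeys.requiredVersion=1' > "$demo_dir/tps.cfg"
check_changeover "$demo_dir/tks.cfg" "$demo_dir/tps.cfg" 02 || echo "changeover incomplete"
```

Run it against copies of the two CS.cfg files after step 8; the function only reads them.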
Configuring Symmetric Key Changeover