Table of Contents
Advertisement
From your local machine, access either the Administration Server or the Server
1.
Manager and choose the Security tab.
For the Server Manager you must first select the server instance from the
drop-down list.
Choose:
2.
Migrate 3.X Certificates link from the Administration Server
Migrate Certificate link from the Server Manager.
Enter the 3.6 Server Root.
3.
Enter the Alias.
4.
Enter the Password.
5.
Click OK.
6.
For the Server Manager, click Apply, and then Restart for changes to take
7.
effect.
Using the Built-in Root Certificate Module
The dynamically loadable root certificate module included with Enterprise Server
6.1 contains the root certificates for many CAs, including VeriSign. The root
certificate module allows you to upgrade your root certificates to newer versions in
a much easier way than before. In the past, you were required to delete the old root
certificates one at a time, then install the new ones one at a time. To install
well-known CA certificates, you can now simply update the root certificate module
file to a newer version as it becomes available through future versions of Enterprise
Server or in Service Packs.
Because the root certificate is implemented as a PKCS#11 cryptographic module,
you can never delete the root certificates it contains, and the option to delete will
not be offered when managing these certificates. To remove the root certificates
from your server instances, you can disable the root certificate module by deleting
the following in the server's
•
(on most UNIX platforms)
libnssckbi.so
•
(on HP-UX)
libnssckbi.sl
•
(on Windows NT/Windows 2000)
nssckbi.dll
subdirectory:
alias
Chapter 5
Migrating Certificates When You Upgrade
Securing Your Enterprise Server
99
Advertisement
Table of Contents
