Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Manual

Migration guide 7.x to 8.0

Chapter 7. Migrating a TKS Instance to Certificate System 8.0
• Copies of all files (there is at least one) containing the wrapped master keys on the old HSM; for
example, tks_master_key_v2.txt.

NOTE

These files are created whenever the user generates a new master key using the tkstool -W option.

5. Copy the extracted public/private key pairs from the 7.x server to the 8.0 server.

cp old_server_root/alias/ServerCert.p12 /var/lib/new_TKS_instance/alias/ServerCert.p12

6. Extract the public key of the "old_HSM_slot_name:caSigningCert cert-old_TKS_instance"
and "old_HSM_slot_name:tksTransportCert cert-old_TKS_instance" from the 7.x security
databases and save the base-64 encoded output to files called caSigningCert.b64 and
tksTransportCert.b64, respectively.
a. Open the Certificate System 7.x alias/ directory.
cd old_server_root/alias
b. Set the LD_LIBRARY_PATH environment variable to search the Certificate System libraries.

LD_LIBRARY_PATH=old_server_root/bin/cert/lib

export LD_LIBRARY_PATH

c. Use the Certificate System 7.x certutil tool to identify the old HSM slot name.
old_server_root/bin/cert/tools/certutil -U -d .
d. Use the Certificate System 7.x certutil tool to extract the public key of the following entries
from the security databases and save each base-64 output to a separate file.
old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:caSigningCert cert-old_TKS_instance" -d . -h old_HSM_token_name -a > caSigningCert.b64
old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:tksTransportCert cert-old_TKS_instance" -d . -h old_HSM_token_name -a > tksTransportCert.b64
e. Copy the key data from the 7.x server to the 8.0 server.
cp old_server_root/alias/caSigningCert.b64 /var/lib/new_TKS_instance/alias/caSigningCert.b64
cp old_server_root/alias/tksTransportCert.b64 /var/lib/new_TKS_instance/alias/tksTransportCert.b64
7. Log into the new server as the Certificate System user, and open the Certificate System alias/
directory.
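
The checks below are an added example, not part of the Red Hat guide: they confirm that the files produced in steps 5 and 6 are usable and tightly permissioned before work continues on the new server. The function names check_b64_cert and copy_private are hypothetical, and the example assumes that certutil -a output is wrapped in BEGIN/END CERTIFICATE lines and that base64 and sha256sum are installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, file names follow the guide.

# check_b64_cert FILE: succeed only if FILE holds one ASCII-armored certificate.
# "certutil ... -a > FILE" leaves an empty FILE behind when certutil fails,
# because the shell creates the redirect target before the tool runs.
check_b64_cert() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    for marker in BEGIN END; do
        [ "$(grep -c -- "-----$marker CERTIFICATE-----" "$f")" -eq 1 ] ||
            { echo "$f: expected exactly one $marker CERTIFICATE line" >&2; return 1; }
    done
    body=$(sed -e '/^-----/d' "$f" | tr -d '\r')
    printf '%s\n' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "$f: body is not valid base-64" >&2; return 1; }
    # A DER-encoded certificate starts with an ASN.1 SEQUENCE tag (0x30).
    first=$(printf '%s\n' "$body" | base64 -d | od -An -tx1 -N1 | tr -d ' \n')
    [ "$first" = "30" ] || { echo "$f: decoded data is not DER" >&2; return 1; }
}

# copy_private SRC DST: copy key material such as ServerCert.p12 so the copy
# is readable by its owner only, then confirm it is bit-identical to SRC.
copy_private() {
    src=$1; dst=$2
    ( umask 077 && cp "$src" "$dst" ) || return 1
    chmod 600 "$dst" || return 1   # cp keeps the mode of a pre-existing DST
    [ "$(sha256sum < "$src")" = "$(sha256sum < "$dst")" ] ||
        { echo "$dst: checksum mismatch after copy" >&2; return 1; }
}

# Usage: sh check_migration_files.sh caSigningCert.b64 tksTransportCert.b64
for arg in "$@"; do
    check_b64_cert "$arg" && echo "$arg: ok"
done
```

Run the certificate check on both .b64 files on the 7.x server before copying them, and again on the 8.0 server afterwards.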