1. Manuals
  2. Brands
  3. Red Hat Manuals
  4. Software
  5. SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0
  6. Manual

Option 3: Hsm To Security Databases Migration - Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Manual

Migration guide 7.x to 8.0
Hide thumbs
Table of Contents

Advertisement

Chapter 6. Migrating a OCSP Instance to Certificate System 8.0
NOTE
The caSigningCert is not referenced in the CS.cfg file.
21. In the same directory, edit the serverCertNick.conf file to contain the old certificate
nickname. For example:
new_HSM_slot_name:Server-Cert cert-old_OCSP_instance

6.1.3. Option 3: HSM to Security Databases Migration

1. Extract the public/private key pairs from the HSM. The format for the extracted key pairs should be
portable, such as a PKCS #12 file.
WARNING
Changing either the instance name or the fully-qualified domain name is not
supported for migration. The fully-qualified domain name of the host machine for the
new instance must be the same as the fully-qualified domain name of the original
instance. Likewise, the new instance name must also be the same as the original
instance name.
The instance and domain information has to be the same for both instances because
the certificate and key material — among other instance and database information —
has to be the same.
The pk12util tool provided by Certificate System cannot extract public/private key pairs from an
HSM because of requirements in the FIPS 140-1 standard which protect the private key. To extract
this information, contact the HSM vendor. The extracted keys should not have any dependencies,
such as nickname prefixes, on the HSM.
2. Copy the extracted key pairs from the 7.x server to the 8.0 server.
cp old_server_root/alias/ServerCert.p12 /var/lib/new_OCSP_instance/alias/ServerCert.p12
cp old_server_root/alias/ocspSigningCert.p12 /var/lib/new_OCSP_instance/alias/
ocspSigningCert.p12
3. Extract the public key of the CA signing certificate from the 7.x security databases and save the
base-64 encoded output to a file called caSigningCert.b64.
a. Open the Certificate Management System 7.x /alias directory.
cd old_server_root/alias
b. Set the LD_LIBRARY_PATH environment variable to search the Certificate System libraries.
LD_LIBRARY_PATH=old_server_root/bin/cert/lib
68

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 and is the answer not in the manual?

Questions and answers

Related Manuals for Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0

Related Products for Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0

This manual is also suitable for:

Certificate system 8.0 - administration

Table of Contents