Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 Manual page 92

Chapter 7. Migrating a TKS Instance to Certificate System 8.0
tks.mk_mappings.#tks_master_key_version_number#01=internal:tks_master_key_version_name
A tks.mk_mappings value looks like the following:
tks.mk_mappings.#02#01=internal:tks_master_key_v2
In this example, 02 is the tks_master_key_version_ number, and tks_master_key_v2 is
the tks_master_key_version_name.
4. Copy the certificate and key security databases from the 7.x server to the 8.0 server.
cp old_server_root/alias/cert-old_instance-cert8.db /var/lib/new_TKS_instance/alias/
cert8.db
cp old_server_root/alias/cert-old_instance-key3.db /var/lib/new_TKS_instance/alias/key3.db
WARNING
Changing either the instance name or the fully-qualified domain name is not
supported for migration. The fully-qualified domain name of the host machine for the
new instance must be the same as the fully-qualified domain name of the original
instance. Likewise, the new instance name must also be the same as the original
instance name.
The instance and domain information has to be the same for both instances because
the certificate and key material — among other instance and database information —
has to be the same.
5. Open the Certificate System alias/ directory.
cd /var/lib/new_TKS_instance/alias/
6. Log in as root.
7. Set the file user and group to the Certificate System user and group.
# chown user:group cert8.db
# chown user:group key3.db
8. Log out as root. As the Certificate System user, change the permissions on the files.
chmod 00600 cert8.db
chmod 00600 key3.db
9. List the certificates in the security databases using the certutil command. In this example, -L
lists the certificates.
certutil -L -d .
82