tks.drm_transport_cert_nickname=new_HSM_slot_name:tksTransportCert Cert cert-old_TKS_instance
29. If a master key was migrated from the 7.x TKS instance, then also insert the following line at the end of the CS.cfg:
tks.mk_mappings.#tks_master_key_version_number#01=new_HSM_slot_name:tks_master_key_version_name
Be certain that the proper values for tks_master_key_version_number, new_HSM_slot_name, and
tks_master_key_version_name are set.
NOTE
The caSigningCert is not referenced in the CS.cfg file.
30. In the same directory, edit the serverCertNick.conf file to contain the old certificate
nickname. For example:
new_HSM_slot_name:Server-Cert cert-old_TKS_instance
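The following check is an added example, not part of the original guide or of Certificate System. It reads the text of the edited CS.cfg and serverCertNick.conf and reports guide placeholders left unsubstituted, a malformed tks.mk_mappings key, and nicknames that lack the HSM slot prefix. The function name, slot name, instance name and key name are assumptions made for illustration.

```python
import re

# Placeholder names printed in the guide; none may survive into a real file.
PLACEHOLDERS = ("new_HSM_slot_name", "tks_master_key_version_number",
                "tks_master_key_version_name", "old_TKS_instance")
# Key shape from step 29: tks.mk_mappings.#<version>#01
MK_KEY = re.compile(r"^tks\.mk_mappings\.#([^#\s]+)#01$")

# Constructed sample input: slot, instance and key names are invented.
GOOD_CS_CFG = """\
tks.drm_transport_cert_nickname=hsm-slot-1:tksTransportCert cert-tks-example
tks.mk_mappings.#02#01=hsm-slot-1:example_master_key
"""
BAD_CS_CFG = """\
tks.drm_transport_cert_nickname=tksTransportCert cert-tks-example
tks.mk_mappings.# 02 #01=hsm-slot-1:example_master_key
"""
GOOD_NICK = "hsm-slot-1:Server-Cert cert-tks-example\n"


def check_tks_config(cs_cfg_text, server_nick_text, slot):
    """Return a list of problems found in CS.cfg and serverCertNick.conf text."""
    problems, prefix, params = [], slot + ":", {}
    for line in cs_cfg_text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    nick = server_nick_text.strip()
    for name, value in list(params.items()) + [("serverCertNick.conf", nick)]:
        if any(p in name or p in value for p in PLACEHOLDERS):
            problems.append(f"{name}: guide placeholder left unsubstituted")
    transport = params.get("tks.drm_transport_cert_nickname")
    if transport is not None and not transport.startswith(prefix):
        problems.append("tks.drm_transport_cert_nickname: missing slot prefix")
    for key, value in params.items():
        if not key.startswith("tks.mk_mappings."):
            continue
        if not MK_KEY.match(key):
            problems.append(f"{key}: expected tks.mk_mappings.#<version>#01")
        elif not (value.startswith(prefix) and len(value) > len(prefix)):
            problems.append(f"{key}: value must be {slot}:<key name>")
    if not nick.startswith(prefix):
        problems.append("serverCertNick.conf: nickname lacks slot prefix")
    return problems


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CS_CFG), ("bad", BAD_CS_CFG)):
        print(label, check_tks_config(cfg, GOOD_NICK, "hsm-slot-1"))
```

Run it against copies of the two files before restarting the instance; an empty list means none of these three mistakes was found.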
7.1.3. Option 3: HSM to Security Databases Migration
1. Extract the public/private key pairs from the HSM. The format for the extracted key pairs should be
portable, such as a PKCS #12 file.
WARNING
Changing either the instance name or the fully-qualified domain name is not
supported for migration. The fully-qualified domain name of the host machine for the
new instance must be the same as the fully-qualified domain name of the original
instance. Likewise, the new instance name must also be the same as the original
instance name.
The instance and domain information has to be the same for both instances because
the certificate and key material — among other instance and database information —
has to be the same.
The pk12util tool provided by Certificate System cannot extract public/private key pairs from an
HSM because of requirements in the FIPS 140-1 standard which protect the private key. To extract
this information, contact the HSM vendor. The extracted keys should not have any dependencies,
such as nickname prefixes, on the HSM.
2. Log into the 7.x server as the Certificate System user for that machine.
3. Migrate the master key from the 7.x TKS instance. (Depending on your installation, there may not
be any master key information stored in the 7.x TKS instance.)
a. Open the Certificate System 7.x configuration file.
• If the migration is from Certificate System 7.1, open the CS.cfg file in the Certificate
System config directory.