Red Hat Certificate System

Migration Guide: 7.x to 7.3

Red Hat, Inc.

Matthew Harmsen

Edited by

Ella Deon Lackey

March 12, 2008

Abstract

This migration guide provides in-depth procedures to migrate subsystems, user information, and certificate and key materials from Netscape Certificate Management System 7.0 and Red Hat Certificate System 7.1 and 7.2 to Red Hat Certificate System 7.3.


1. Introduction to Red Hat Certificate System Migration
1.1. Certificate System Migration Overview
1.1.1. Migration Scripts
1.1.2. Certificate System Subsystems
1.2. Considerations before Migration
2. Step 1: Preparing the Older Server Instance for Migration
3. Step 2: Installing the New Certificate System
4. Step 3: Stopping the New Certificate System Servers
5. Step 4: Migrating Security Databases
5.1. Certificate Authority (CA) Migration
5.1.1. Option 1: Security Databases to Security Databases Migration
5.1.2. Option 2: Security Databases to HSM Migration
5.1.3. Option 3: HSM to Security Databases Migration
5.1.4. Option 4: HSM to HSM Migration
5.2. Data Recovery Manager (DRM) Migration
5.2.1. Option 1: Security Databases to Security Databases Migration
5.2.2. Option 2: Security Databases to HSM Migration
5.2.3. Option 3: HSM to Security Databases Migration
5.2.4. Option 4: HSM to HSM Migration
5.3. Online Certificate Status Protocol Manager (OCSP) Migration
5.3.1. Option 1: Security Databases to Security Databases Migration
5.3.2. Option 2: Security Databases to HSM Migration
5.3.3. Option 3: HSM to Security Databases Migration
5.3.4. Option 4: HSM to HSM Migration
5.4. Token Key Service (TKS) Migration
5.4.1. Option 1: Security Databases to Security Databases Migration
5.4.2. Option 2: Security Databases to HSM Migration
5.4.3. Option 3: HSM to Security Databases Migration
5.4.4. Option 4: HSM to HSM Migration
6. Step 5: Migrating Password Cache Data
7. Step 6: Migrating Internal Databases
8. Step 7: Customizing User Data (Non-Console)
9. Step 8: Starting All Certificate System 7.3 Instances
10. Step 9: Generate New Certificate System Server Certificates
10.1. Self-Signing an SSL Server Certificate for a CA
10.2. Requesting a New SSL Server Certificate from a Third-Party CA
10.3. Generating a New DRM, OCSP, or TKS SSL Server Certificate
11. Step 10: Customizing User Data (Console)
12. Step 11: Verifying Migration