User manual REDHAT SYSTEM 8.0 MIGRATION GUIDE 7.X TO 8.0

DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!

If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual REDHAT SYSTEM 8.0. We hope that this REDHAT SYSTEM 8.0 user guide will be useful to you.


REDHAT SYSTEM 8.0 MIGRATION GUIDE 7.X TO 8.0: Download the complete user guide (618 Ko)

You may also download the following manuals related to this product:

   REDHAT SYSTEM 8.0 MANAGING SMART CARDS WITH THE ENTERPRISE SECURITY CLIENT (1481 ko)

Manual abstract: user guide REDHAT SYSTEM 8.0MIGRATION GUIDE 7.X TO 8.0

Detailed instructions for use are in the User's Guide.

[. . . ] Red Hat Certificate System 8. 0 Migration Guide 7. x to 8. 0 Publication date: July 22, 2009, updated on March 22, 2010 Matthew Harmsen Migration Guide Red Hat Certificate System 8. 0 Migration Guide 7. x to 8. 0 Edition 8. 0. 7 Author Editor Copyright © 2009 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution­Share Alike 3. 0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons. org/licenses/by-sa/3. 0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. [. . . ] Open the Certificate Management System 7. x /alias directory. 51 Chapter 5. Migrating a DRM Instance to Certificate System 8. 0 cd old_server_root/alias b. Set the LD_LIBRARY_PATH environment variable to search the Certificate System libraries. LD_LIBRARY_PATH=old_server_root/bin/cert/lib export LD_LIBRARY_PATH c. Use the Certificate Management System 7. x certutil tool to identify the old HSM slot name. old_server_root/bin/cert/tools/certutil -U -d . d. Use the Certificate Management System 7. x certutil tool to extract the public key from the security databases and save the base-64 output to a file. old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:caSigningCert cert-old_DRM_instance" -d . Copy the key information from the 7. x server to the 8. 0 server. cp old_server_root/alias/caSigningCert. b64 /var/lib/instance_ID/alias/ caSigningCert. b64 4. Open the Certificate System /alias directory. cd /var/lib/instance_ID/alias/ 5. Set the file user and group to the Certificate System user and group. # chown user:group ServerCert. p12 # chown user:group kraStorageCert. p12 # chown user:group kraTransportCert. p12 # chown user:group caSigningCert. b64 7. Log out as root, and log back into the system as the Certificate System user. Set the file permissions. chmod 00600 ServerCert. p12 chmod 00600 kraStorageCert. p12 chmod 00600 kraTransportCert. p12 chmod 00600 caSigningCert. b64 9. Register the new HSM in the 8. 0 token database. 52 Option 4: HSM to HSM Migration modutil -nocertdb -dbdir . -add new_HSM_token_name -libfile new_HSM_library_path/ new_HSM_library 10. Import the public/private key pairs of each entry from the PKCS #12 files into the new HSM. pk12util -i ServerCert. p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i kraStorageCert. p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL pk12util -i kraTransportCert. p12 -d . -h new_HSM_slot_name Enter Password or Pin for "new_HSM_slot_name":******** Enter password for PKCS12 file: ******** pk12util: PKCS12 IMPORT SUCCESSFUL 12. Optionally, delete the PKCS #12 files. rm ServerCert. p12 rm kraStorageCert. p12 rm kraTransportCert. p12 13. Set the trust bits on the public/private key pairs that were imported into the new HSM. certutil -M -n "new_HSM_slot_name:Server-Cert cert-old_DRM_instance" -t "cu, cu, cu" -d . h new_HSM_token_name certutil -M -n "new_HSM_slot_name:kraStorageCert cert-old_DRM_instance" h new_HSM_token_name -t "u, u, u" -d . - certutil -M -n "new_HSM_slot_name:kraTransportCert cert-old_DRM_instance" -t "u, u, u" -d . Import the public key from the base-64 file into the new HSM, and set the trust bits. certutil -A -n "new_HSM_slot_name:caSigningCert cert-old_DRM_instance" -t "CT, c, " -d . Open the CS. cfg configuration file in the /var/lib/instance_ID/conf/ directory. 53 Chapter 5. Edit the kra. storageUnit. nickname and kra. transportUnit. nickname attributes to reflect the 8. 0 DRM information. kra. storageUnit. nickname=new_HSM_slot_name:kraStorageCert cert-old_DRM_instance kra. transportUnit. nickname=new_HSM_slot_name:kraTransportCert cert-old_DRM_instance NOTE The caSigningCert is not referenced in the CS. cfg file. 18. [. . . ] Set the LD_LIBRARY_PATH environment variable to search the Certificate System libraries. LD_LIBRARY_PATH=old_server_root/bin/cert/lib export LD_LIBRARY_PATH c. Use the Certificate System 7. x certutil tool to identify the old HSM slot name. 111 Chapter 8. Migrating a TPS Instance to 8. 0 old_server_root/bin/cert/tools/certutil -U -d . d. Use the Certificate System 7. x certutil tool to extract the public key of the following entries from the security databases and save each base-64 output to a separate file. old_server_root/bin/cert/tools/certutil -L -n "old_HSM_slot_name:caSigningCert cert-old_TPS_instance" -d . Copy the key data from the 7. x server to the 8. 0 server. cp old_server_root/alias/caSigningCert. b64 /var/lib/new_TPS_instance/alias/ caSigningCert. b64 5. [. . . ]

DISCLAIMER TO DOWNLOAD THE USER GUIDE REDHAT SYSTEM 8.0




Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual REDHAT SYSTEM 8.0 will begin.

 

Copyright © 2015 - manualRetreiver - All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.