Migrating Security Settings Manually

When you migrate an instance manually, the order in which you perform the migration of the security and the migration of the configuration is different to when you migrate using dsmig. If you migrate the security settings by replacing the default Directory Server 11g Release 1 (11.1.1) certificate and key databases with the old databases, as described in this section, you must migrate the configuration first.

To migrate the security settings manually, perform the following steps:

1. If you have already started using the new instance, stop the instance.

2. Back up the certificate database and key database files on the new instance.

3. Copy the certificate database and key database files from the existing instance to the new instance.

   $ cp serverRoot/alias/slapd-serverID-cert8.db instance-path/alias/slapd-cert8db
   $ cp serverRoot/alias/slapd-serverID-key3.db instance-path/alias/slapd-key3.db

4. Copy the password file from the existing instance to the new instance.

   $ cp serverRoot/alias/slapd-serverID-pin.txt instance-path/alias/slapd-pin.txt

5. Update the certificate database password.

   $ dsadm set-flags instance-path cert-pwd-prompt=on

6. Copy the certificate mapping file from the existing instance to the new instance.

   $ cp serverRoot/shared/config/certmap.conf instance-path/alias/certmap.conf

7. If the existing instance uses an external security token, copy the security module database and the external token library to the new instance.

   $ cp serverRoot/alias/secmod.db instance-path/alias/secmod.db

8. Start the new instance.

The security configuration attributes are migrated when you migrate the rest of the configuration attributes. In this sense, migration of the security settings is not complete until you have migrated the configuration. Migration of the configuration is described in the following section.