15.3.6. Step 6: Migration of Internal Databases
To migrate the data from the 6.1 OCSP internal databases to the 7.3 OCSP internal databases, do the following:
For more information on migrating internal databases, refer to Section 9.8, “Migrating Internal Databases for 6.1”.
Log into the new OCSP server instance on server.example.com as the Certificate System user, and export the new internal database content to LDIF.
cd /opt/redhat-ds/slapd-DS-instance/db/
db2ldif -n server.example.com-rhpki-ocsp
The location and name of the LDIF file are shown once the conversion from the database to LDIF is complete.
ldif file: /opt/redhat-ds/slapd-DS-instance/ldif/2005_06_07_843092.ldif
Open the given LDIF location, and rename the LDIF file to new.ldif.
cd /opt/redhat-ds/slapd-DS-instance/ldif
mv 2005_06_07_843092.ldif new.ldif
Since the Certificate System migration utility is platform independent, always use the latest version of the migration utility on both server installations. The latest migration tools are available in the /bin/cert/upgrade directory of the new server instance.
For this example, the new Certificate System migration utility was already installed during the earlier CA migration, so there is no need to install it again for the OCSP migration.
Run the db2ldif command to export the database contents to LDIF.
cd /usr/netscape/servers/slapd-ocsp-db
db2ldif -n userRoot
The location and name of the LDIF file are shown once the conversion from the database to LDIF is complete.
ldif file: /usr/netscape/servers/slapd-ocsp-db/ldif/2005_06_07_914768.ldif
Open the given LDIF location, and rename the LDIF file to old.ldif.
cd /usr/netscape/servers/slapd-ocsp-db/ldif
mv 2005_06_07_914768.ldif old.ldif
Adjust the LDIF content of old.ldif.
For this example, the LDIF file is small, so any text editor works. For large files, use an appropriate program.
Convert the old.ldif file to a text file.
Open the version-to-text directory in the 6.1 migration directory.
cd /usr/netscape/servers/bin/cert/migrate/61ToTxt
Edit the run.sh script by uncommenting and setting the values for the following lines:
Run run.sh to use the old.ldif file to create a text file.
run.sh /usr/netscape/servers/slapd-ocsp-db/ldif/old.ldif > /usr/netscape/servers/slapd-ocsp-db/ldif/old.txt
Open the 6.1 OCSP LDIF directory, and copy the old.txt file into the 7.3 OCSP internal database LDIF directory.
cd /usr/netscape/servers/slapd-ocsp-db/ldif
cp /usr/netscape/servers/slapd-ocsp-db/ldif/old.txt /opt/redhat-ds/slapd-DS-instance/ldif
Log into the new OCSP server instance on server.example.com as the Certificate System user, and open the Certificate System ldif/ directory.
cd /opt/redhat-ds/slapd-DS-instance/ldif
Log in as root, and set the file user and group to the Certificate System user and group.
su
chown pkiuser:pkiuser old.txt
Log out as root. As the Certificate System user, change the permissions on the file.
chmod 00600 old.txt
Convert the old.txt file to LDIF.
Open the text-to-version directory.
cd /usr/share/rhpki/migrate/TxtTo72
Edit the run.sh script by uncommenting and setting the values for the following lines:
Run run.sh to use old.txt to create an LDIF file.
run.sh /opt/redhat-ds/slapd-DS-instance/ldif/old.txt > /opt/redhat-ds/slapd-DS-instance/ldif/old.ldif
Import the old.ldif LDIF file into the 7.3 OCSP internal database.
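The ownership and permission steps above can be checked before old.txt is converted, and the converted LDIF can be created owner-only rather than with the login umask. This is an added shell example, not part of the Certificate System migration tools; the function names check_export and convert_private are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not part of the Certificate System tools.
# Assumes GNU stat (coreutils), as found on Red Hat systems.

# check_export FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), is owned by
# OWNER, and grants no permissions to group or other.
check_export() {
    file=$1
    want_owner=$2
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%U' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1     # octal, e.g. 600
    if [ "$owner" != "$want_owner" ]; then
        echo "$file: owned by $owner, expected $want_owner" >&2
        return 1
    fi
    # Mask off everything except the group and other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode is accessible to group or other" >&2
        return 1
    fi
    return 0
}

# convert_private OUTPUT COMMAND [ARGS...]
# Runs COMMAND with its output redirected to OUTPUT under umask 077.
# Any existing OUTPUT is removed first, because a redirect onto an
# existing file keeps that file's old mode.
convert_private() {
    out=$1
    shift
    ( umask 077 && rm -f -- "$out" && "$@" > "$out" )
}

# Use on the new server, with the paths from this page:
#   check_export /opt/redhat-ds/slapd-DS-instance/ldif/old.txt pkiuser &&
#   convert_private /opt/redhat-ds/slapd-DS-instance/ldif/old.ldif \
#       run.sh /opt/redhat-ds/slapd-DS-instance/ldif/old.txt
```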