Chapter 2. Migration Overview

Chapter 2. Migration Overview

The migration process is staged to migrate the different subsets of Certificate System information separately. The general process is as follows:

  1. Install the new Certificate System instances.

  2. Migrate the old Certificate System security databases, which contains the key and certificate materials for the server, to the new Certificate System instances.

  3. Migrate the password database information for the old Certificate System to the new Certificate System password file.

  4. Migrate the old Certificate System internal databases, which contain user and group entries, to the new Certificate System.

  5. Migrate customized server configuration data from the old server to the new Certificate System.

  6. Renew all migrated certificates.

The Certificate System migration utility contains several separate platform-independent tools, but only two are required for migrating a Certificate System installation: one program to convert all of the data in an LDIF that was exported from the older installation into a normalized LDIF text file, and another program to convert the normalized LDIF text file into an LDIF data file that can be imported into the newer Certificate System.

Certificate System migration export utilities are files named versionToTxt: 41ToTxt, 42ToTxt, 42SP2ToTxt, 45ToTxt, 47ToTxt, 60ToTxt, 61ToTxt, 62ToTxt, 70ToTxt, 71ToTxt, and 72ToTxt. Each export tool contains the following files.

The export file to use is determined by the older version of the Certificate System being migrated.

Each compilation batch and shell script is dependent on a specific version of the Java™ software development kit as defined in the comments.

Certificate System migration import utilities are files named TxtToversion: TxtTo60, TxtTo61, TxtTo62, TxtTo70, TxtTo71, and TxtTo72. Each import tool contains the following files.

Each compilation batch and shell script is dependent upon a specific version of the Java™ software development kit as defined in the comments.

NOTE

The scripts to use for migration to Certificate System version 7.2 are in the TxtTo72 directory.

The following table defines the migration export programs and corresponding import programs. An X indicates compatibility between the export and import programs.

 

Migration Import Package

     

Migration Export Package

TxtTo60

TxtTo61

TxtTo62

TxtTo70

TxtTo71

TxtTo72

41ToTxt

X

X

X

X

X

X

42ToTxt

X

X

X

X

X

X

42SP2ToTxt

X

X

X

X

X

X

45ToTxt

X

X

X

X

X

X

47ToTxt

X

X

X

X

X

X

60ToTxt

X

X

X

X

X

X

61ToTxt

-

X

X

X

X

X

62ToTxt

-

-

X

X

X

X

70ToTxt

-

-

-

X

X

X

71ToTxt

-

-

-

-

X

X

72ToTxt

-

-

-

-

-

X

Table 2.1. Migration Import and Export Utility Compatibility Matrix

With the exception of Certificate Management System 4.2 (SP 2) which was itself a major version, the major version number of the migration export/import package is applied to all service packs for that version. (This also applies to installations which contain hot-fixes, individual bug fixes made after a service pack is released.) For example, the 42ToTxt export package should be used for Certificate Management Systems 4.2, 4.2 (SP 1), and 4.2 (SP 1a), regardless of whether any of these versions contained individual hot-fixes. For Certificate Management System 6.01, the 60ToTxt program should be used to export data.

Certificate System installations may exist on different platforms. Additionally, each Certificate System installation may contain more than one type of subsystem or more than one instance of a type of subsystem. The following subsystems may be present in a Certificate System installation:

The following table defines the platforms and subsystems supported by different versions of Certificate System:

Product (including service packs and hot-fixes) Subsystems Platforms

Netscape Certificate Server 1.0

CA

Digital UNIX 3.2C/4.0B, HP-UX 10.10, IBM AIX 4.1.4/4.2, IRIX 5.3/6.2, Solaris 2.4/2.5.1, Windows NT 3.51/4.0 [Intel], Windows NT 4.0 [Alpha]

Netscape Certificate Management System 4.1

CA, RA

Solaris 2.5.1/2.6, Windows NT 4.0 (SP 4)[with NTFS]

Netscape Certificate Management System 4.2

CA, DRM, RA

HP-UX B.11.00, IBM AIX 4.3.2, OSF/1 4.0D, Solaris 2.6/2.7/8, Windows NT 4.0 (SP 4/5/6), Windows 2000

Netscape Certificate Management System 4.2 (SP 2)

CA, DRM, OCSP, RA

Compaq Tru64 4.0D, HP-UX B.11.00, IBM AIX 4.3.3, Solaris 2.6/2.7/8, Windows NT 4.0 (SP 5/6)

Netscape Certificate Management System 4.5

CA, DRM, OCSP, RA

Solaris 2.6/8, Windows NT 4.0 (SP 6a), Windows 2000 (SP 2)

iPlanet Certificate Management System 4.7

CA, DRM, OCSP, RA

Solaris 8, Windows NT 4.0 (SP 6a), Windows 2000

Netscape Certificate Management System 6.0

CA, DRM, OCSP, RA

Solaris 8, Windows 2000 (SP 2)

Netscape Certificate Management System 6.01 [a]

CA, DRM, OCSP, RA

Red Hat Linux 7.2, Red Hat Linux Advanced Server 2.1, Solaris 8

Netscape Certificate Management System 6.1

CA, DRM, OCSP, RA

Solaris 8

Netscape Certificate Management System 6.2

CA, DRM, OCSP, RA

Red Hat Linux Advanced Server 2.1, Solaris 8

Netscape Certificate Management System 7.0

CA, DRM, OCSP, TKS, TPS

Red Hat Linux Advanced Server 2.1, Solaris 8

Red Hat Certificate System 7.1

CA, DRM, OCSP, TKS, TPS

Red Hat Enterprise Linux 3 (AS/ES), Red Hat Enterprise Linux 4 (AS/ES), Solaris 9 [32-bit/64-bit]

Red Hat Certificate System 7.2

CA, DRM, OCSP, TKS, TPS

Red Hat Enterprise Linux AS/ES 4 (i386), Red Hat Enterprise Linux AS/ES 4 (for AMD64 and Intel EM64T), Solaris 9 (64-bit)

[a] Although Certificate Management System 6.01 was considered a service pack of version 6.0, Certificate Management System 6.01 is listed separately in this table because it is supported on different platforms.

Table 2.2. Certificate System Subsystem Types and Platforms