Redhat NETSCAPE MANAGEMENT SYSTEM User Manual

Command-Line Tools Guide

Netscape Certificate Management System

Version 6.01

May 2002

Netscape Communications Corporation("Netscape") and its licensorsretain all ownership rights to the softwareprograms offered by
Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the
license agreement for the Software and applicable copyright law.

Your right to copy this documentation is limited by copyright law. Making unauthorized copies, adaptations or compilation works is
prohibited and constitutes a punishable violation of the law. Netscape may revise this documentation from time to time without notice.

THIS DOCUMENTATION IS PROVIDED "AS IS" WITHOUT WARRANTYOF ANY KIND. IN NO EVENT SHALL NETSCAPEBE LIABLE
FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS
DOCUMENTATION, INCLUDING W ITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE, OR DATA.

The Software and documentation are copyright © 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002 Netscape Communications
Corporation. All rights reserved.

Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the United States and other
countries. Other Netscape logos, product names, and service names are also trademarksof NetscapeCommunications Corporation, which
may be registered in some countries. Other product and brand names are the exclusive property of their respective owners.

The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full compliance
with all United States and other applicable laws and regulations. Any provision of Netscape software or documentation to the U.S.
government is with restricted rights as described in the license agreement for that Software.

Contents

AboutThisGuide............................................................... 7

WhatYouShouldAlreadyKnow ..........................................................7

What’sinThisGuide.....................................................................8

ConventionsUsedinThisGuide ..........................................................9

WheretoGoforRelatedInformation......................................................10

Chapter 1 Command-LineTools................................................ 13

Chapter 2 CMSUpgradeUtility................................................. 17

BeforeUpgrading ......................................................................17

BackingUpYourPreviousCMSInstance ...............................................18

LocatingYourPreviousSecurityDatabases .............................................18

CreatingYourPreviousInternalDatabaseFileinLDIFFormat.............................19

CreatinganLDIFFileforCMS4.2or4.5InternalDatabase .............................19

CreatinganLDIFFileforCMS6.0InternalDatabase...................................19

NormalizingYourPreviousInternalDatabaseFile .......................................20

ConvertingtheCMS4.2LDIFFiletoaTextFormat ....................................20

ConvertingtheCMS4.5LDIFFiletoaTextFormat ....................................21

ConvertingtheCMS6.0LDIFFiletoaTextFormat ....................................21

Upgrading.............................................................................21

Installing and Configuring CMS 6.01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

ShuttingDowntheCMS6.01Server....................................................22

Installing the Old Security Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Installing CMS 4.2 or 4.5 Security Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Installing CMS 6.0 Security Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Installing the Old Internal Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

UpdatingtheCMS6.01PasswordCache ................................................24

3

StartingUptheCMS6.01Server....................................................... 24

AfterUpgrading ....................................................................... 25

Chapter 3 Password Cache Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Location .............................................................................. 27

Syntax ................................................................................ 28

Usage................................................................................. 28

ListingtheContentsofthePasswordCache............................................. 29

Adding a New Entry to the Password Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

ChangingthePasswordofanEntryinthePasswordCache ............................... 30

DeletinganEntryFromthePasswordCache ............................................ 31

Chapter 4 PIN Generator Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

LocatingthePINGeneratorTool ......................................................... 33

ThesetpinCommand ................................................................... 34

Command-LineSyntax ............................................................... 34

Arguments....................................................................... 34

Example ......................................................................... 37

HowtheToolWorks ................................................................... 38

InputFile........................................................................... 40

OutputFile ......................................................................... 42

HowPINsAreStoredintheDirectory ................................................. 43

ExitCodes .......................................................................... 43

Chapter 5 Extension Joiner Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Location .............................................................................. 46

Syntax ................................................................................ 46

Usage................................................................................. 46

Chapter 6 BackingUpandRestoringData ....................................... 49

BackupandRestoreTools ............................................................... 49

BackingUpData ....................................................................... 50

WhattheBackupToolDoes........................................................... 50

WhattheBackupToolDoesNotDo.................................................... 53

RunningtheBackupTool............................................................. 53

AfterYouFinishaBackup ............................................................ 54

RestoringData......................................................................... 55

BeforeYouRestoreData.............................................................. 55

RunningtheRestoreTool............................................................. 57

4 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Chapter 7 ASCIItoBinaryTool................................................. 61

Location...............................................................................61

Syntax ................................................................................61

Example...............................................................................62

Chapter 8 BinarytoASCIITool................................................. 63

Location...............................................................................63

Syntax ................................................................................63

Example...............................................................................64

Chapter 9 PrettyPrintCertificateTool........................................... 65

Location...............................................................................65

Syntax ................................................................................65

Example...............................................................................66

Chapter 10 PrettyPrintCRLTool............................................... 69

Location...............................................................................69

Syntax ................................................................................69

Example...............................................................................70

Index ........................................................................ 73

5

6 Netscape Certificate Management System Command-Line Tools Guide • May 2002

About This Guide

The Command-Line Tools Guide describes various command-line tools or utilities
that are bundled with Netscape Certificate Management System (CMS). It provides
the information such as the command syntax, platform support, examples, and so
on, required to use these tools.

This preface has the following sections:

• What You Should Already Know (page 7)

• What’s in This Guide (page 8)

• Conventions Used in This Guide (page 9)

• Where to Go for Related Information (page 10)

What You Should Already Know

This guide is intended for experienced system administrators who are planning to
deploy Certificate Management System. CMS agents should refer to CMS Ag ent’s
Guide for information on how to perform agent tasks, such as handling certificate
requests and revoking certificates.

This guide assumes that you

• Are familiar with the basic concepts of public-key cryptography and the Secure
Sockets Layer (SSL) protocol.

❍ SSL cipher suites
❍ The purpose of and major steps in the SSL handshake

7

What’s in This Guide

• Understand the concepts of intranet, extranet, and the Internet security and the
role of digital certificates in a secure enterprise. These include the following
topics:

❍ Encryption and decryption
❍ Public keys, private keys, and symmetric keys
❍ Significance of key lengths
❍ Digital signatures
❍ Digital certificates, incl uding various types of digital certificates
❍ The role of digital certificates in a public-key infrastructure (PKI)
❍ Certificate hierarchies

If you are new to these concepts, we recommend that you read the
security-related appendixes of the accompanying manual, Manag ing Server s
with Netscape Cons ole.

• Are familiar with the role of Netscape Console in managing Netscape version

6.x servers. Otherwise, see the accompanying manual, Managing Servers with
Netscape Console.

• Are reading this guide in conjunction with the documentation listed in “Where
to Go for Related Information” on page 10.

What’s in This Guide

This guide covers the following topics:

• Chapter 1, “Command-Line Tools” Provides an overview of the command-line
tools provided with Certificate Management System, including the ones that
are not covered in this documentation.

• Chapter 2, “CMS Upgrade Utility” Describes how to use the utility to upgrade
from a previous release of Certificate Management System.

• Chapter 3, “Password Cache Utility” Describes how to use the tool for
managing the single sign-on password cache.

• Chapter 4, “PIN Generator Tool” Describes how to use the tool for generating
unique PINs for your users and f or populating their directory entries with
PINs.

8 Netscape Certificate Management System Command-Line Tools Guide • May 2002

• Chapter 5, “Extension Joiner Tool” Describes how to use the tool for joining
MIME-64 encoded formats of certificate extensions to create a single blob.

• Chapter 7, “ASCII to Binary Tool” Describes how to use the tool for converting
ASCII data to its binary equivalent.

• Chapter 8, “Binary to ASCII Tool” Describes how to use the tool for converting
binary data to its ASCII equivalent.

• Chapter 9, “Pretty Print Certificate Tool” Describes how to use the tool for

printing or viewing the contents of a certificate stored as ASCII base-64 encoded data in
a human-readable form.

• Chapter 10, “Pretty Print CRL Tool” Describes how to use the tool for printing

or viewing the contents of a CRL stored as ASCII base-64 encoded data in a
human-readable form.

Conventions Used in This Guide

This guide uses the following conventions:
The following conventions are used in this guide:

Conventions Used in This Guide

Monospaced font—Thistypefaceisusedforanytextthatappearsonthe

•
computer screen or text that you should type. It’s also used for filenames,
functions, and examples.

Example:

Server Root is the directory where the CMS binaries are kept.

• Italic—Italic type is used for emphasis, book titles, and glossary terms.
Example: This control depends on the access permissions the superadministrator

has set up for you.

• Text within “quotation marks”—Indicates cross-references to other topics
within this guide.

Example: For more information, see “Issuing a Certificate to a New User” on
page 154.

About This Guide 9

WheretoGoforRelatedInformation

• []—Square brackets enclose commands that are optional.
Example:

PrettyPrintCert <input_file> [<output_file>]

<input_file>

specifies the path to the file that contains the base-64

encoded certificate.

<output_file> specifies the path to the file to write the certificate. This

argument is optional; if you don’t specify an output file, the certificate
information is written to the standard output.

<>—Angle brackets enclose variables or placeholders. When following

•
examples, replace the angle brackets and their text with text that applies to
your situation. For example, when path names appear in angle brackets,
substitute the path names used on your computer.

Example: Using Netscape Communicator 4.7x or later, enter the URL for the
Administration Server:

http://<hostname>:<port_number>

• /—A forward slash is used to separate directories in a path. If you use the
Windows NT operating system, you should replace / with \ in paths.

Example: Except for the Security Module Database Tool, you can find all the
other command-line utilities at this location:

<server_root>/bin/cert/tools

• Sidebar text—Sidebar text marks important information. Make sure you read
the information before continuing with a task.

Examples:

NOTE You can use Netscape Console only when Administration Server is

up and running.

CAUTION A caution note documents a potential risk of losing data, damaging

software or hardware, or otherwise disrupting system performance.

Where to Go for Related Information

This section summarizes the documentation that ships with Certificate
Management System, using these conventions:

<server_root> is the directory where the CMS binaries are kept (specified

•
during installation).

10 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Where to Go for Related Information

• <instance_id> is the ID for this instance of Certificate Management System
(specified during installation).

The documentation set for Certificate Management System includes the following:

• Managing Servers with Netscape Console
Provides background information on basic cryptography concepts and the role

of Netscape Console. For the HTML version, open this file:

<server_root>/manual/en/admin/ag/contents.htm

• CMS Installation and Setup Guide
Describes how to plan for, install, and administer Certificate Management

System. To access the installation and configuration information from within
the CMS Installation Wizard or from the CMS window (within Netscape
Console), click any help button. To view the HTML version of this guide, open
this file:

<server_root>/manual/en/cert/setup_guide/contents.htm

• CMS Plug-Ins Guide
Provides detailed reference information on CMS plug-ins. To access this

information from the CMS window within Netscape Console, click any help
button. To view the HTML version of this guide, open this file:

<server_root>/manual/en/cert/plugin_guide/contents.htm

• CMS Command-Line Tools Guide (this guide)
Provides detailed reference information on CMS tools. To view the HTML

version of this guide, open this file:

<server_root>/manual/en/cert/tools_guide/contents.htm

• CMS Customization Guide
Provides detailed reference information on customizing the HTML-based

agent and end-entity interfaces. To view the HTML version of this guide, open
this file:

<server_root>/manual/en/cert/custom_guide/contents.htm

•CMSAgent’sGuide

Provides detailed reference information on CMS agent interfaces. To access
this information from the Agent Services pages, click any help button. To view
the HTML version of this guide, open this file:

<server_root>/cert-<instance_id>/web-apps/agent/manual/agent_gui
de

/contents.htm

About This Guide 11

WheretoGoforRelatedInformation

•End-EntityHelp

Provides detailed reference information on CMS end-entity interfaces. To
access this information from the end-entity pages, click any help button. To
view the HTML version of this guide, open this file:

<server_root>/cert-<instance_id>/web-apps/ee/manual/ee_guide/con
tents.htm

For a complete list of CMS documentation, open the

<server_root>/manual/index.html file. For the latest information about

Certificate Management System, check the CMS Release Notes and other
documents available at this site:

http://enterprise.netscape.com/docs/cms.index.html

12 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Command-Line Tools

Netscape Certificate Management System (CMS) is bundled with various
command-line utilities. This chapter summarizes these utilities and provides
pointers to chapters that further explain them.

Table 1-1 summarizes the command-line utilities that are bundled with Certificate
Management System.

Table 1-1 Summary of command-line utilities

Utility/Tool Function

Batch/Shell Scripts located under <server_root>/bin/cert/upgrade/:

Chapter 1

Upgrade Utility Updrades from a CMS 4.2, 4.5, or 6.0 instance to a CMS 6.01

instance. For or details, see Chapter 2, “CMS Upgrade Utility.”

Batch/Shell Scripts located under <server_root>/bin/cert/tools/ (require jre):

PasswordCache

(Password Cache Utility)

AtoB

(ASCII to BinaryTool)

BtoA

(Binary to ASCII Tool)

PrettyPrintCert

(Pretty Print Certificate Tool)

PrettyPrintCrl

(Pretty Print CRL Tool)

Executable tools located under <server_root>/bin/cert/tools:

Manipulates the contents of the single sign-on password cache.
For details, see Chapter 3, “Password Cache Utility.”

Converts ASCII base-64 encoded data to binary base-64 encoded
data. For details, see Chapter 7, “ASCII to Binary Tool.”

Converts binary base-64 encoded data to ASCII base-64 encoded
data. For details, see Chapter 8, “Binary to ASCII Tool.”

PrintsthecontentsofacertificatestoredasASCIIbase-64encoded
data in a human-readable form. For details, see Chapter 9, “Pretty
Print Certificate Tool.”

Prints the contents of a CRL stored as ASCII base-64 encoded data
in a human-readable form. For details, see Chapter 10, “Pretty
Print CRL Tool.”

13

Table 1-1 Summary of command-line utilities (Continued)

Utility/Tool Function

certutil

(Certificate and Key Database Tool)

View and manipulate the certificate database (cert7.db)andkey
database (key3.db) contents. For details, check the

http://www.mozilla.org/projects/security/pki/nss
/tools/.site.

setpin

(PIN Generator tool)

Generates PINs for end users for directory- and PIN-based
authentication. For details, see Chapter 4, “PIN Generator Tool.”

signtool

(Netscape Signing Tool)

Digitally signs any file, including log files. For details, check the

http://www.mozilla.org/projects/security/pki/nss
/tools/.site.

ssltap

(SSL Debugging Tool)

Used to debug SSL applications. For details, check the

http://www.mozilla.org/projects/security/pki/nss
/tools/.site.

Perl Scripts located under <server_root>/bin/cert/tools (require _perl):

cmsbackup Copies all of the pertinent data and configuration files for a CMS

instance, the local Administration Server, and local Netscape
DirectoryServers that the instance uses into a compressed archive.
For details, see Chapter 6, “Backing Up and Restoring Data.”

cmsrestore Opens a named archive, extracts the data, and uses it to restorethe

configuration of a CMS instance. For details, see Chapter 6,
“Backing Up and Restoring Data.”

Executable tools located under <server_root>/shared/bin:

modutil

(Security Module Database Tool)

Used for managing the PKCS #11 module information within

secmod.db files or within hardware tokens. For details,check the
http://www.mozilla.org/projects/security/pki/nss
/tools/.site.

Third-party executable tools located under <server_root>/bin/cert/tools:

dumpasn1 Dumps the contents of binary base-64-encodeddata.Note that the

tool is freeware that is packaged with Certificate Management
System for your convenience. For more information about this
tool, check this site: http://www.cs.auckland.ac.nz/~pgut001/

Third-party support tools located under <server_root>:

14 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Table 1-1 Summary of command-line utilities (Continued)

Utility/Tool Function

bin/base/jre/bin/jre
bin/cert/jre/bin/jre

bin/cert/tools/unzip Decompression utility executable.
bin/cert/tools/zip Compression utility executable.
install/perl perl scripting language executable.

Java runtime executable for Netscape Console.
Java runtime executable for Certificate Management System.
Note that the CMS jre is invoked as cms_daemon during CMS

installation and configuration, as cms_watchdog to monitor the
status of the CMS server, and as cms_server to actually run the
CMS server.

The Certificate Database Tool (certutil), Netscape Signing Tool (signtool), SSL
DebuggingTool(

ssltap), and Security Database Tool (modutil)areapartof

Network Security Services (NSS) tools. The remaining tools are CMS-specific tools.

•The

AtoB, BtoA, PrettyPrintCert, PrettyPrintCrl,anddumpasn1 tools are

useful for converting back and forth between various encodings and formats
you may encounter when dealing with keys and certificates.

• The Password Cache Utility can be used to manipulate the contents of an
existing single sign-on password cache and to create a new cache.

• The PIN Generator tool is used to create PINs for directory authentication.

• The Certificate and Key Database Tool and Security Module Database Tool are
useful for a variety of administrative tasks that involve manipulating certificate
and key databases.

• The Netscape Signing Tool can be used to associate a digital signature with any
file, including CMS log files.

• The SSL Debugging Tool is useful for testing and debugging purposes.

If you find any problems with NSS tools, you may obtain the source code and build
instructions for the very latest version of these tools (and/or potentially a binary
image for the newer tool) at the following URL:

http://www.mozilla.org/projects/security/pki/nss/tools/index.html

Chapter 1 Command-Line Tools 15

If you’re familar with older versions of NSS tools, notice that all Key Database Tool
functions have now been incorporated into the single tool, Certificate Database
Tool, and that several of the command-line options for many of the tools may have
changed. Be sure to check back often to obtain the very latest version of the desired
securitytool,asthissiteisupdatedoften.

16 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Chapter 2

CMS Upgrade Utility

If you have a previous installation of Netscape Certificate Management System
(Certificate Management System), you can use the CMS Upgrade utility for
upgrading to Certificate Management System, version 6.01. The utility enables you
to upgrade from Certificate Management System version 4.2, 4.5, or 6.0 to CMS

6.01.

There are three phases to upgrading from a previous CMS instance. This chapter
explains these phases in the following sections:

• Before Upgrading (page 17)

• Upgrading (page 21)

• After Upgrading (page 25)

Before Upgrading

Before upgrading from a CMS 4.2, 4.5, or 6.0 instance to a CMS 6.01 instance, you
must complete the following tasks:

• Backing Up Your Previous CMS Instance

• Locating Your Previous Security Databases

• Creating Your Previous Internal Database File in LDIF Format

• Normalizing Your Previous Internal Database File

17

Before Upgrading

Backing Up Your Previous CMS Instance

You must backup your existing CMS 4.2, 4.5, or 6.0 instance before you can
upgrade to CMS 6.01.

• For instructions to back up a CMS 4.2 or 4.5 instance, check the CMS
Command-Line Tools Guide that was provided with the product; open the

<server_root>/manual/en/cert/tools_guide/backup.htm file. You can

also find the CMS 4.5 documentation at this site:

http://enterprise.netscape.com/docs/cms/index.html

• For instructions to back up a CMS 6.0 instance,see Chapter 6, “Backing Up and
Restoring Data.”

Locating Your Previous Security Databases

Each instance of Certificate Management System uses a set of key pairs and
certificates, which can be maintained in an internal/software token or a hardware
token, or a combination of both. These tokens contain public keys, private keys,
and relevant PKCS #11 compatible drivers. For more information about tokens,
check CMS In stallation and Setup Guide.

As a part of the upgrade process, you will be required later to import your existing
key pairs and certificates to the new CMS instance. If you used hardware tokens,
keep those tokens and the corresponding passwords handy. If you used software
tokens, make a note of the following for your CMS instance, where

<4x_server_root> is the location of your CMS 4.2 or 4.5 instance and
<60_server_root> is the location of your CMS 6.0 instance:

• Public keys and the corresponding certificates are stored in the certificate
database, this file:

<4x_server_root>/cert-<instance_id>/config/cert7.db
<60_server_root>/alias/cert-<instance_id>-<machine_name>/cert7.d

b

• Private keys are stored in the key database, this file:

<4x_server_root>/cert-<instance_id>/config/key3.db
<60_server_root>/alias/cert-<instance_id>-<machine_name>/key3.db

• PKCS #11 drivers are stored in the security database, this file:

<4x_server_root>/admin-serv/config/secmod.db
<60_server_root>/alias/secmod.db

18 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Before Upgrading

Creating Your Previous Internal Database File in LDIF Format

After locating your previous CMS internal database file, you need to create it in
LDAP Interchange Format (LDIF) format.

• Creating an LDIF File for CMS 4.2 or 4.5 Internal Database

• Creating an LDIF File for CMS 6.0 Internal Database

Creating an LDIF File for CMS 4.2 or 4.5 Internal Database

To create a CMS 4.2 or 4.5 internal database file in LDIF format, enter the following
commands:

cd <4x_server_root>/slapd-<instance_id>-db
./db2ldif

For example:

cd /usr/netscape/server4x/slapd-firefly-db
./db2ldif

The LDIF file is created in the foll owing directory:

<4x_server_root>/slapd-<instance_id>-db/ldif

The default file name is time stamped and is of the form

<year>_<month>_<day>.ldif. For example:
/usr/netscape/server4x/slapd-firefly-db/ldif/2002_04_08_123356.ldif

Creating an LDIF File for CMS 6.0 Internal Database

To create an LDIF file for the CMS 6.0 internal database, enter the following
commands:

cd <60_server_root>/slapd-<instance_id>-db
./db2ldif -n userRoot

For example:

cd /usr/netscape/server60/slapd-firefly-db
./db2ldif -n userRoot

The LDIF file is created in the foll owing directory:

<60_server_root>/slapd-<instance_id>-db/ldif

Chapter 2 CMS Upgrade Utility 19

Before Upgrading

The default file name is time stamped and is of the form

<year>_<month>_<day>.ldif. For example:

/usr/netscape/server60/slapd-firefly-db/ldif/2002_04_08_123356.l
dif

Normalizing Your Previous Internal Database File

To import a CMS 4.2 or 4.5 LDIF file into a CMS 6.01 instance, you need to adjust
the LDIF file by deleting the first two LDIF entries. (You don’t need to delete the
first two entries in the CMS 6.0 LDIF file.)

For example, delete:

dn: dc=<hostname>,dc=netscape,dc=com ...
dn: cn=ldap://:38900,dc=<hostname>,dc=netscape,dc=com ...

The first line of the LDIF file should now be:

dn: o=netscapeCertificateServer

Next, you need to convert the adjusted LDIF files to a text format:

• Converting the CMS 4.2 LDIF File to a Text Format

• Converting the CMS 4.5 LDIF File to a Text Format

• Converting the CMS 6.0 LDIF File to a Text Format

NOTE In the sections that follow, replace

<server_root>/bin/cert/upgrade.

Converting the CMS 4.2 LDIF File to a Text Format

If you are upgrading from a CMS 4.2 instance to a CMS 6.01 instance:

1. Execute the 42ToTxt command:

cd <upgrade_tool>/42ToTxt
export SERVER_ROOT=<42_server_root>
run.sh <42_ldif> > <42_txt>

2.

Execute the TxtTo601 comm and:

20 Netscape Certificate Management System Command-Line Tools Guide • May 2002

<upgrade_tool> with

cd <upgrade_tool>/TxtTo601
export SERVER_ROOT=<601_server_root>
run.sh <42_txt> > <601_ldif>

Converting the CMS 4.5 LDIF File to a Text Format

If you are upgrading from a CMS 4.5 instance to a CMS 6.01 instance:

1. Execute the 45ToTxt command:

cd <upgrade_tool>/45ToTxt
export SERVER_ROOT=<45_server_root>
run.sh <45_ldif> > <45_txt>

2.

Execute the TxtTo601 command:

cd <upgrade_tool>/TxtTo601
export SERVER_ROOT=<601_server_root>
run.sh <45_txt> > <601_ldif>

Converting the CMS 6.0 LDIF File to a Text Format

If you are upgrading from a CMS 6.0 instance to a CMS 6.01 instance:

Upgrading

1. Execute the 60ToTxt command:

2.

Upgrading

The following procedures describe how to upgrade from a CMS 4.2, 4.5, or 6.0
instance to a CMS 6.01 instance.

• Installing and Configuring CMS 6.01

cd <upgrade_tool>/60ToTxt
export SERVER_ROOT=<60_server_root>
run.sh <60_ldif> > <60_txt>

Execute the TxtTo601 command:

cd <upgrade_tool>/TxtTo601
export SERVER_ROOT=<601_server_root>
run.sh <60_txt> > <601_ldif>

Chapter 2 CMS Upgrade Utility 21

Upgrading

• Shutting Down the CMS 6.01 Server

• Installing the Old Security Databases

• Installing the Old Internal Database

• Starting Up the CMS 6.01 Server

Installing and Configuring CMS 6.01

Install a CMS 6.01 instance into a separate server root. Refer to theCMS Installation
and Setup Guide for instructions on how to install Certificate Management System.

NOTE Later on you will overwrite the CMS 6.01 configuration information,

such as keys and subject names, with your previous CMS 4.2, 4.5, or

6.0 internal security databases.

Shutting Down the CMS 6.01 Server

After configuring CMS 6.01, shut down your CMS 6.01 instance and the
corresponding internal database, where
CMS 6.01 instance:

cd <601_server_root>/cert-<instance_id>
./stop-cert
cd <601_server_root>/slapd-<instance_id>-db
./stop-slapd

<601_server_root> is the location of your

Installing the Old Security D atabases

You need to install your old CMS 4.2, 4.5, or 6.0 security database into your new
CMS 6.01 installation.

• Installing CMS 4.2 or 4.5 Security Databases

• Installing CMS 6.0 Security Databases

22 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Upgrading

Installing CMS 4.2 or 4.5 Security Databases

InstallyourpreviousCMS4.2or4.5securitydatabasesbycopyingthemtoyour
new CMS 6.01 installation using the following commands:

cp <4x_cert7> \
<601_server_root>/alias/cert-<instance_id>-<machine_name>-cert7.db

cp <4x_key3> \
<601_server_root>/alias/cert-<instance_id>-<machine_name>-key3.db

cp <4x_secmod> <601_server_root>/alias/secmod.db

For example:

cd /usr/netscape/server42/cert-firefly/config
cp cert7.db \

/usr/netscape/server601/alias/cert-firefly-firefly-cert7.db
cp key3.db \

/usr/netscape/server601/alias/cert-firefly-firefly-key3.db
cd /usr/netscape/server42/admin-serv/config
cp secmod.db /usr/netscape/server601/alias/secmod.db

Installing CMS 6.0 Security Databases

Install your previous CMS 6.0 security databases by copying them to your new
CMS 6.01 installation using the following commands:

cp <60_cert7> \
<601_server_root>/alias/cert-<instance_id>-<machine_name>-cert7.db

cp <60_key3> \
<601_server_root>/alias/cert-<instance_id>-<machine_name>-key3.db

cp <60_secmod> <601_server_root>/alias/secmod.db

For example:

cd /usr/netscape/server60/cert-firefly/config
cp cert7.db \

/usr/netscape/server601/alias/cert-firefly-firefly-cert7.db
cp key3.db \

/usr/netscape/server601/alias/cert-firefly-firefly-key3.db
cd /usr/netscape/server60/alias
cp secmod.db /usr/netscape/server601/alias/secmod.db

Chapter 2 CMS Upgrade Utility 23