Migrating Sun Java Directory Server to HP-UX Directory Server White Paper

SJDS instance on host1.example.com, then the subject DN of the server certificate would normally contain “CN=host1.example.com”. An LDAP client attempting to connect to host2.example.com might then refuse to complete the connection if the certificate’s subject DN still contains host1.example.com.
In short, if the SJDS instance uses certificates that include the FQDN in the subject, and if the HPDS host name differs from the SJDS host name, then HP recommends generating new certificates for HPDS. Because the subject is covered by the certificate’s signature, the certificate subject cannot be changed without invalidating the certificate. However, migration of the certificates is possible if the SJDS server certificate contains a wildcard that allows it to match the HP-UX system host name on which HPDS will reside.
To verify the subject DN of the SJDS instance’s server certificate, use a command such as the following. In the command output, look for the CN value in the subject field.
# dsadm show-cert -F readable /export/instance1 defaultCert
Generating or Requesting and Installing New Certificates for HPDS
For information about generating self-signed certificates or requesting and installing a new server certificate, see the HP-UX Directory Server Administrator Guide.
Migrating Certificates from SJDS
HPDS and SJDS rely on the same library for encryption. To move their certificate and key databases from one to the other, follow these steps:
1. Know the key database password. To provide access to the key database for administrative commands without prompting for a password each time, SJDS relies on a password that is stored in an encrypted form in a file. Set the key database password to a known value by enabling password prompting, as in the following example:
# dsadm set-flags /export/instance1 cert-pwd-prompt=on
Enter the password when prompted.
2. Copy the certificate and key databases from SJDS to HPDS, renaming the files to match the file names expected by HPDS. Remove the prefix that SJDS added to each file. For example, if SJDS uses the file name slapd-cert8.db, rename it to cert8.db when copied to HPDS. To copy and rename the certificate and key database files, use commands similar to the following on the HPDS host:
# scp host1:/export/instance1/alias/slapd-cert8.db /etc/opt/dirsrv/slapd-instance1/cert8.db
# scp host1:/export/instance1/alias/slapd-key3.db /etc/opt/dirsrv/slapd-instance1/key3.db
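The two decisions this section asks the administrator to make by hand, whether the SJDS certificate subject will still match the HPDS host (including the wildcard case) and what the copied database files must be named, as an added POSIX sh example that is not part of the HP white paper. It assumes the CN has already been read from the output of dsadm show-cert and is passed in as a string; the host names and file names below are constructed sample values.

```shell
#!/bin/sh
# Added example, not HP's code: pre-flight checks for migrating SJDS
# certificate and key databases to HPDS.

# cert_cn_matches CN HPDS_FQDN
# Returns 0 if the certificate subject CN would match the HPDS host name.
# Accepts an exact (case-insensitive) match or a single leading wildcard
# label such as "*.example.com"; the wildcard stands in for exactly one
# label, so it matches host2.example.com but not a.b.example.com or
# example.com itself. Anything else means new certificates are needed.
cert_cn_matches() {
    cn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fqdn=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$cn" = "$fqdn" ] && return 0
    case "$cn" in
        '*.'*)
            suffix=${cn#\*.}        # part after "*."
            first=${fqdn%%.*}       # first label of the HPDS host name
            rest=${fqdn#*.}         # remaining labels
            # "$rest" = "$fqdn" means the host name contained no dot at all
            [ "$rest" != "$fqdn" ] && [ -n "$first" ] && [ "$rest" = "$suffix" ] && return 0
            ;;
    esac
    return 1
}

# hpds_db_name SJDS_PATH
# Prints the file name HPDS expects: the base name with the "slapd-" prefix
# that SJDS adds removed (slapd-cert8.db -> cert8.db, slapd-key3.db -> key3.db).
hpds_db_name() {
    base=${1##*/}
    printf '%s\n' "${base#slapd-}"
}

# Constructed sample values: SJDS instance on host1, HPDS on host2.
if cert_cn_matches "*.example.com" "host2.example.com"; then
    echo "subject matches HPDS host: databases can be migrated"
    for f in /export/instance1/alias/slapd-cert8.db /export/instance1/alias/slapd-key3.db; do
        echo "copy $f -> /etc/opt/dirsrv/slapd-instance1/$(hpds_db_name "$f")"
    done
else
    echo "subject does not match HPDS host: generate new certificates for HPDS"
fi
```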
Configuring the Instance
Configuring the instance involves the following tasks, described in the subsections that follow:
Configure the suffixes and databases
Migrate and configure the schema