Red Hat Directory Server B.08.00.02 for HP-UX Release Notes and Supplemental Instructions

CAUTION: A password file contains the password for the SSL private key token in clear text
and is a security risk. If you create a password file, HP recommends that you delete it after you
complete the migration.
NOTE: If the server host or CA certificate is expired, the server cannot start during the migration
process, and the migration fails. Although previous Directory Server versions can operate with
expired certificates, Red Hat Directory Server 8.0 and later versions cannot start with expired
certificates. If you have expired certificates, you must renew those certificates before migrating
or disable SSL. For more information, see Section 6.5.1 (page 48).
6.5.1 Disabling SSL
Use the following procedure to temporarily disable SSL for the Directory Server:
1. After you stop the legacy Directory Server (the Directory Server that you are going to
migrate), set the current working directory to the config subdirectory in the instance data
directory.
For 6.11 or 6.21 Directory Servers:
cd /var/opt/netscape/servers/slapd-instance/config
For 7.1 Directory Servers:
cd /var/opt/netscape/server7/slapd-instance/config
2. Edit the dse.ldif file. Change
nsslapd-security: on
to
nsslapd-security: off
If there is no entry for the nsslapd-security attribute or the value is already set to off,
you are not using SSL to secure your Directory Server, and you do not have to complete this
procedure.
6.5.1.1 Re-enabling SSL Security
After the migration script completes, use the following procedure to re-enable SSL security on
the new Directory Server.
1. Stop the Directory Server:
/opt/dirsrv/slapd-instance/stop-slapd
2. Set the current working directory to the instance data directory:
cd /etc/opt/dirsrv/slapd-instance
3. Edit the dse.ldif file. Change
nsslapd-security: off
to
nsslapd-security: on
4. Restart the Directory Server:
/opt/dirsrv/slapd-instance/start-slapd
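Added example (not part of the HP release notes): a POSIX shell sketch of the dse.ldif edit used in both procedures above, plus a post-migration check that SSL is back on and the clear-text password file is gone. The function names, the ".was-on"/".was-off" backup suffix, and the password file path passed by the caller are assumptions; run it only while the Directory Server is stopped.

```shell
#!/bin/sh
# Added example: helpers for the nsslapd-security edit in dse.ldif.
# Function names and the backup suffix are hypothetical, not from the product.

# Print the current nsslapd-security value ("on"/"off"), or "absent".
get_security() {
    val=$(awk 'tolower($1) == "nsslapd-security:" { print tolower($2); exit }' "$1")
    echo "${val:-absent}"
}

# set_security FILE on|off
# Returns 0 if FILE now has the requested value, 1 if the attribute is absent
# (SSL is not in use, so there is nothing to do), 2 on bad arguments or I/O error.
set_security() {
    file=$1 want=$2
    case $want in on|off) ;; *) echo "usage: set_security FILE on|off" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cur=$(get_security "$file")
    [ "$cur" = absent ] && return 1
    [ "$cur" = "$want" ] && return 0
    # Keep a copy of the original, with its mode and owner, before editing.
    cp -p "$file" "$file.was-$cur" || return 2
    tmp="$file.tmp.$$"
    # dse.ldif holds sensitive configuration, so the scratch copy is owner-only.
    ( umask 077; awk -v want="$want" '
        tolower($1) == "nsslapd-security:" { print "nsslapd-security: " want; next }
        { print }' "$file" > "$tmp" ) || { rm -f "$tmp"; return 2; }
    # Write back through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp" || return 2
    [ "$(get_security "$file")" = "$want" ]
}

# post_migration_ok FILE [PWFILE]
# Succeeds only if SSL is enabled again and the clear-text password file
# (path supplied by the caller) no longer exists.
post_migration_ok() {
    [ "$(get_security "$1")" = on ] || return 1
    [ -z "$2" ] || [ ! -e "$2" ]
}
```

A return status of 1 from set_security corresponds to the case in step 2 of Section 6.5.1 where the attribute has no entry and the procedure can be skipped.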
48 Migrating to Red Hat Directory Server 8.0