search cancel

certutil --upgrade-merge command not working

book

Article ID: 243030

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

While attempting to upgrade a cert8.db to cert9.db while migrating the certificates, the certutil --upgrade-merge command is failing with an error.  The following syntax is being used:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db -f <password.txt> --source-dir <existing_certificate_database_directory> --source-prefix cert8.db --upgrade-id <unique-ID> [email protected] <pwd_new_certificate_database_directory>

Environment

Release : 12.8

Component : SITEMINDER -POLICY SERVER

Cause

The documentation incorrectly advises the use of the --source-prefix in the command syntax, but this is not a recommended option with --upgrade-merge option and should be omitted.

Resolution

The --source-prefix option should be omitted.  The --upgrade-id can be any unique value.  Assuming this is the first time the --upgrade-merge option is being used on this host, this value can be any text string at all.  Command syntax:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db --source-dir <existing_certificate_database_directory> --upgrade-id <unique-ID> --upgrade-token-name internal

This command syntax will result in two prompts for a password.  The first prompt is for the password on the old cert8.db.  The second prompt is for the password for the new cert9.db.

The product documentation has been updated to omit the --source-prefix option and now shows the correct command syntax.