certutil --upgrade-merge command not working

Article ID: 243030

Products

SITEMINDER

Issue/Introduction

When upgrading a cert8.db to cert9.db as part of migrating the certificates, the certutil --upgrade-merge command fails with an error. The following syntax is being used:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db -f <password.txt> --source-dir <existing_certificate_database_directory> --source-prefix cert8.db --upgrade-id <unique-ID> [email protected] <pwd_new_certificate_database_directory>

Cause

The documentation incorrectly advises the use of the --upgrade-prefix option in the command syntax. This option is not recommended with the --upgrade-merge option and should be omitted.

Environment

Release: 12.8

Component: SITEMINDER - POLICY SERVER

Resolution

The --upgrade-prefix option should be omitted. The --upgrade-id can be any unique value. If this is the first time the --upgrade-merge option is being used on this host, this value can be any text string at all. Command syntax:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db --source-dir <existing_certificate_database_directory> --upgrade-id <unique-ID> --upgrade-token-name internal

This command syntax will result in two prompts for a password.  The first prompt is for the password on the old cert8.db.  The second prompt is for the password for the new cert9.db.