certutil --upgrade-merge command not working

Article ID: 243030

Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

When upgrading a cert8.db to cert9.db as part of migrating the certificates, the certutil --upgrade-merge command fails with an error.  The following syntax is being used:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db -f <password.txt> --source-dir <existing_certificate_database_directory> --source-prefix cert8.db --upgrade-id <unique-ID> -@ <pwd_new_certificate_database_directory>

Environment

Release : 12.8

Component : SITEMINDER -POLICY SERVER

Cause

The documentation incorrectly advises using the --source-prefix option in the command syntax. This option is not recommended with the --upgrade-merge option and should be omitted.

Resolution

The --source-prefix option should be omitted.  The --upgrade-id can be any unique value.  Assuming this is the first time the --upgrade-merge option is being used on this host, this value can be any text string at all.  Command syntax:

./certutil --upgrade-merge -d <new_certificate_database_directory> -P cert9.db --source-dir <existing_certificate_database_directory> --upgrade-id <unique-ID> --upgrade-token-name internal

This command syntax will result in two prompts for a password.  The first prompt is for the password on the old cert8.db.  The second prompt is for the password for the new cert9.db.

The product documentation has been updated to omit the --source-prefix option and now shows the correct command syntax.
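
A pre-flight check and backup step around the corrected syntax above, as an added example that is not part of the original article or the product. The function names are hypothetical, and it assumes the legacy database uses the standard NSS file names cert8.db and key3.db with no prefix.

```shell
#!/bin/sh
# Added example: pre-flight checks and a backup around the corrected
# certutil --upgrade-merge syntax. All function names are hypothetical.

# Fail unless both directories exist, the source holds the legacy files
# (assumed standard NSS names, no prefix) and the two directories differ.
preflight() {
    src=$1; dst=$2
    [ -d "$src" ] || { echo "missing source dir: $src" >&2; return 1; }
    [ -d "$dst" ] || { echo "missing destination dir: $dst" >&2; return 1; }
    for f in cert8.db key3.db; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    [ "$src" != "$dst" ] || { echo "source and destination must differ" >&2; return 1; }
}

# Copy the legacy directory aside before the merge. key3.db holds private
# keys, so the copy is restricted to its owner. Prints the backup path.
backup_source() {
    src=$1
    bak="${src%/}.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$src" "$bak" && chmod 700 "$bak" && printf '%s\n' "$bak"
}

# Build a value for --upgrade-id; any unique text string is acceptable.
new_upgrade_id() {
    printf 'upgrade-%s-%s\n' "$(date +%Y%m%d%H%M%S)" "$$"
}

# Print the corrected command, one argument per line, without --source-prefix.
upgrade_merge_args() {
    src=$1; dst=$2; id=$3
    printf '%s\n' ./certutil --upgrade-merge -d "$dst" -P cert9.db \
        --source-dir "$src" --upgrade-id "$id" --upgrade-token-name internal
}

# Check, back up, then run; certutil itself prompts for both passwords.
run_upgrade_merge() {
    src=$1; dst=$2
    preflight "$src" "$dst" || return 1
    bak=$(backup_source "$src") || return 1
    echo "backup of legacy database: $bak" >&2
    id=$(new_upgrade_id)
    ./certutil --upgrade-merge -d "$dst" -P cert9.db \
        --source-dir "$src" --upgrade-id "$id" --upgrade-token-name internal
}
```

Source the file and call run_upgrade_merge with the existing and new certificate database directories, from the directory that contains certutil.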