Restoring rollover certificates and key groups

Rollovers that are configured for LTO key groups and 3592 certificates are not automatically restored from the earlier versions. To specify these rollovers manually in version 4.2.1, use the rollover file schedulerTask.txt, which is created in the WAS_HOME/products/sklm/config directory during the restore process.

Procedure

  1. Open a command prompt.
  2. Go to the following directory.
    Windows
    SKLM_INSTALL_HOME\migration\bin
    Linux®
    SKLM_INSTALL_HOME/migration/bin
  3. Run the following command.
    Windows
    Run the recreatetask.bat utility.
    recreatetask.bat WAS_HOME SKLMADMIN_USER SKLMADMIN_PASSWD 
    SKLM_HOME\config\schedulerTask.txt Logfile SKLM_INSTALL_HOME
    Linux
    Run the recreatetask.sh utility.
    ./recreatetask.sh WAS_HOME SKLMADMIN_USER SKLMADMIN_PASSWD 
    SKLM_HOME/config/schedulerTask.txt Logfile SKLM_INSTALL_HOME
    Where, Logfile is the log file name to which the log information is written, for example:
    C:\Program Files\IBM\WebSphere\Liberty\products\sklm\logs\rolloverlogs.txt

    SKLMADMIN_USER and SKLMADMIN_PASSWD are IBM Security Guardium Key Lifecycle Manager administrator user ID and the password.

    For the definitions of WAS_HOME, SKLM_HOME, and SKLM_INSTALL_HOME, see Definitions for HOME and other directory variables.

    Note: On Windows operating systems, you must add double slash in the path and specify the path within double quotation marks if the path contains spaces, for example,
    recreatetask.bat "C:\\Program Files\\IBM\\WebSphere\\Liberty" SKLMAdmin SKLMAdminPwd 
    "C:\\Program Files\\IBM\\WebSphere\\Liberty\\products\\sklm\\config\\schedulerTask.txt" 
    "C:\\Program Files\\IBM\\WebSphere\\Liberty\\products\\sklm\\logs\\rolloverlogs.txt" "C:\\Program Files\\IBM\\GKLMV421"