How to export or import your certificate

Article:TECH142577  |  Created: 2010-10-25  |  Updated: 2011-10-20  |  Article URL http://www.symantec.com/docs/TECH142577
Article Type
Technical Solution


Issue



If you want to fully backup your Symantec Security Information Manager (SSIM), you need to also save your certificate.


Cause



The certificate is used to digitally sign the event archive. When you get an audit you need to show the auditor that the archive was not tempered, to do so you can verify the archive in the WebUI.


Solution



To export your certificate (you need to verify first in WebUI the exact label name you are using). By default the certificate is called SESA.

Exporting (backup) key.kdb file to another file sesa2.kdb (db) and setting password symantec  for the kdb file (at ssh prompt):
gsk7cmd.ssim -cert -export -db /etc/symantec/ses/key.kdb -pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -label SESA -type cms -target sesa2.kdb -target_pw symantec -target_type cms

Once this is done you need to copy/backup to a safe location the file called sesa2.kdb.


Importing certificate SESA from the exported key.db and setting the label to test9552 (at ssh prompt)
gsk7.ssim -cert -import -db sesa2.kdb -pw symantec -type cms -target /etc/symantec/ses/key.kdb -target_pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -target_type cms -label SESA -new_label test9552

It is required before doing command above to have a good understanding of SSIM and certificates. Running any of commands above could potentially affect the running certificate of your appliance. Do test those commands in pre-production environment before attempting to do so in a production. 


Attachments

GSKCapiCmd User’s Guide
GSK7c_CapiCmd_UserGuide.pdf (274 kBytes)



Article URL http://www.symantec.com/docs/TECH142577


Terms of use for this information are found in Legal Notices