do anybody know a way to export all user certificates from ejbca 4.0.16. I want to migrate to ejbca 6.0.4. I'm ready with a new installation of ejbca 6.0.4. Now I want to migrate all data from ejbca 4.0.16 to ejbca 6.0.4.
I'm able to export all CAs (see command line --> ejbca.sh ca exportca). Moreover I want to export the user/server/vpn certificates and import them in the new ejbca instance.
Does anyone know an way respectively is it possible?
Can anyone help me?
I've already done the following steps:
1.exported all root and sub cas from ejbca 4.0.16 and imported them in ejbca 6.0.4 - no problem
2.exported all certificate and end entity profiles and imported them in ejbca 6.0.4 - no problem
Now I want to export all user certificates (with certificate history) and import them in the new version. I know that I have to export the mysql database entries but I don't know exactly which data should not be exported (tomcat, superadmin,...). In addition there are small changes in the database structure.
Which tables and contents should be exported and which not.
Perhaps a silly question, but why didn't you just upgrade instead?
I decided to do a new installation because I want to update different componentes (new vm with new version of os, new version of jdk, new version of jboss, new version of ejbca for ca and ocsp responder).
I think it is a good idea to do a clean new installation to get rid of the old and not needed stuff. Moreover I can test the new environment with the old data before I switch to productive system.
I was able to export all user certs with the help of mysqldump:
mysqldump -u ejbca -p ejbca UserData --no-create-db --no-create-info --insert-ignore > UserData.sql
mysqldump -u ejbca -p ejbca CertificateData --where="issuerDN NOT LIKE 'your initial ca'" --no-create-db --no-create-info --insert-ignore > CertificateData.sql
Then you have to import these files in your new database tables e.g.
mysql -u ejbca -p ejbca < UserData.sql
I don't know if that is the right way. Does anyone has an advice?
With the HistoryData I had no success:
mysqldump -u ejbca-user -p ejbcadb CertReqHistoryData --where="issuerDN NOT LIKE 'your initial ca'" --no-create-db --no-create-info --insert-ignore > CertReqHistoryData.sql
Does anyone has an idea?
am I doing something wrong or should it be done another way?
I honestly don't know really. Haven't had time to look closer into your posts. It is too advanced and takes too much time for me to look into detail. I just don't have that time at the moment.
UserData and certificate data certainly are the most important tables. You can look into how the CLI commands for importcertificate soes thinks, but that requires some digging in the code for you.