It is important to keep a backup of the certificates for the management server on which the certificate server runs. Otherwise, if you lose or corrupt the management server's certificates, you would need to reissue every node certificate.
You can back up the certificates to files, which you should remove from the management server and store securely. You need to back up three certificates from the management server:
Back up the management server certificate using the following command:
ovcm -exportcacert -file <file> [-pass <pass_phrase>]
The command generates a file with the name that you specify. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the -pass option, the command prompts you for a password.
Back up the trusted certificate using the following command:
ovcert -exporttrusted -ovrg server -file <file>
The command generates a file with the name that you specify.
Determine the alias of the node certificate using the following command:
ovcert -list -ovrg server
The alias of the node certificate is the long sequence of characters that appears under the heading "Certificates". For example:
+---------------------------------------------------------+
| Keystore Content (OVRG: server) |
+---------------------------------------------------------+
| Certificates: |
| cdc7b5a2-9dd6-751a-1450-eb556a844b55 (*) |
+---------------------------------------------------------+
| Trusted Certificates: |
| CA_cdc7b5a2-9dd6-751a-1450-eb556a844b55 (*) |
+---------------------------------------------------------+
Back up the node certificate using the following command:
ovcert -exportcert -file <file> -alias <alias> [-pass <pass_phrase>]
The command generates files with the names that you specify. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the -pass option, the command prompts you for a password.
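The three backup steps above can be scripted as follows. This is an added example, not code from the product documentation; the function names, the --run switch and the output file names (ca.cert, trusted.cert, node.cert) are assumptions, and only the ovcm and ovcert options shown on this page are used.

```shell
#!/bin/sh
# Added example, not vendor code. Function and file names are hypothetical.

# Read `ovcert -list -ovrg server` output on stdin and print the node
# certificate alias: the entry under "Certificates:", never the one under
# "Trusted Certificates:".
node_cert_alias() {
    awk -F'|' '
        /^\+-/ { section = ""; next }              # a border line ends a section
        { line = $2; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == "Certificates:" { section = "certs"; next }
        section == "certs" && line != "" {
            sub(/[ \t]*\(\*\)$/, "", line)         # drop the trailing "(*)" marker
            print line; exit
        }'
}

# Export all three certificates into a directory only the caller can read.
# -pass is omitted on purpose: the commands then prompt for the pass phrase,
# so it is not recorded in shell history or visible in the process list.
# The body runs in a subshell so the umask change does not leak to the caller.
backup_certs() (
    dir=$1
    umask 077
    mkdir -p "$dir" || exit 1
    node_alias=$(ovcert -list -ovrg server | node_cert_alias)
    if [ -z "$node_alias" ]; then
        echo "no node certificate alias found in keystore listing" >&2
        exit 1
    fi
    ovcm -exportcacert -file "$dir/ca.cert" || exit 1
    ovcert -exporttrusted -ovrg server -file "$dir/trusted.cert" || exit 1
    ovcert -exportcert -file "$dir/node.cert" -alias "$node_alias" || exit 1
    echo "$node_alias"                             # report which alias was exported
)

# Run the backup only when asked to: sh backup.sh --run /path/to/backup-dir
if [ "${1:-}" = "--run" ]; then
    backup_certs "${2:?backup directory required}"
fi
```

After the exports finish, move the directory off the management server to secure storage, as described above.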
Restore the management server certificate using the following command:
ovcm -importcacert -file <file> [-pass <pass_phrase>]
The command restores the certificate from a file with the name that you specify. To restore the certificate, you need the pass phrase that was used to create the file. If you specify the -pass option and the pass phrase contains spaces, surround it with quotation marks (""). If you omit the -pass option, the command prompts you for the password.
Restore the trusted certificate using the following command:
ovcert -importtrusted -file <file>
Restore the node certificate using the following command:
ovcert -importcert -file <file> [-pass <pass_phrase>]
The command imports the certificates from the file.