PKI Server Backup

From Dogtag

Overview

This page describes how to back up a PKI server so that it can be restored later.

Backing up Server Files

First, make sure the server is not running:

$ pki-server stop

Back up the server files with the following command:

$ tar czvf pki-tomcat.tar.gz -C / \
    etc/pki/pki-tomcat \
    etc/sysconfig/pki-tomcat \
    etc/sysconfig/pki/tomcat/pki-tomcat \
    etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service \
    var/lib/pki/pki-tomcat \
    var/log/pki/pki-tomcat

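Note: This will include the NSS database, which normally holds the server's certificates and private keys, so restrict access to the archive.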
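
One way to check the resulting archive before relying on it, as an added example that is not part of the Dogtag documentation or tooling: it confirms that every path from the tar command above is in the archive and that the file is not readable by group or others. The function names missing_paths and readable_by_others are hypothetical.

```shell
#!/bin/sh
# Added example, not Dogtag code: sanity-check a pki-tomcat backup archive.
# Function names are hypothetical; the paths come from the tar command above.
# Usage (assumed): missing_paths pki-tomcat.tar.gz

# Paths given to tar on this page (relative to /).
EXPECTED_PATHS='etc/pki/pki-tomcat
etc/sysconfig/pki-tomcat
etc/sysconfig/pki/tomcat/pki-tomcat
etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
var/lib/pki/pki-tomcat
var/log/pki/pki-tomcat'

# Print every expected path that is absent from the archive.
# Returns 0 if all are present, 1 if any is missing, 2 if tar cannot read it.
missing_paths() {
    listing=$(tar tzf "$1" 2>/dev/null) || return 2
    missing=$(printf '%s\n' "$EXPECTED_PATHS" | while IFS= read -r want; do
        # Present means: listed itself (a file) or as a directory prefix.
        # Exact comparison avoids confusing etc/sysconfig/pki-tomcat with
        # etc/sysconfig/pki/tomcat/pki-tomcat.
        printf '%s\n' "$listing" | awk -v w="$want" '
            { sub(/^\.\//, "") }
            $0 == w || index($0, w "/") == 1 { found = 1; exit }
            END { exit !found }' || printf '%s\n' "$want"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Succeeds if group or others can read the archive. Because the archive
# includes the NSS database, the expected answer for a stored backup is "no".
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}
```

A non-empty result from missing_paths means the backup is incomplete and should be retaken while the server is still stopped.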

Backing up LDAP Database

To back up the main database:

$ db2ldif -V -Z localhost \
    -n userRoot \
    -a /var/lib/dirsrv/slapd-localhost/ldif/userRoot.ldif

To back up each subsystem database, first check the database name used by each subsystem:

$ pki-server ca-db-config-show
  Hostname: localhost
  Port: 389
  Secure: false
  Authentication: BasicAuth
  Bind DN: cn=Directory Manager
  Bind Password Prompt: internaldb
  Database: ca
  Base DN: dc=ca,dc=pki,dc=example,dc=com
  Multiple suffix: false
  Maximum connections: 15
  Minimum connections: 3

Then execute the following command:

$ db2ldif -V -Z localhost \
    -n ca \
    -a /var/lib/dirsrv/slapd-localhost/ldif/ca.ldif

Note: The output directory must be writable by the dirsrv user.
