Moving the credential store application

When you move or decommission a server that includes a credential store application (credstore.nsf), be sure to manage the movement of the credential store so that it functions properly after the change. Moving the credential store application requires different steps depending on whether the servers are in a cluster or not, and whether a server is being decommissioned. You perform all of the steps for moving a credential store at the Domino® server console, and you can check the key fingerprints displayed either in the console itself or in the server console log. For syntax and examples of the keymgmt commands, see the related topics.

Moving the credential store in and out of clusters

Procedure

  1. Do one of the following:
     - If you are moving a non-clustered server to a new cluster, and the moved server will become the first server in the cluster, follow these steps to move the credential store from the non-clustered server:
       1. Use the keymgmt export command to copy the credential store data to a file.
       2. Rename the credstore.nsf file.
       3. Change the server document to specify the new cluster name, and restart the server.
       4. Use the keymgmt create command to create a new credential store application.
       5. Use the keymgmt import command to populate the new credential store application with the copied credential store data from the file you created in step 1.
     - If you are moving a non-clustered server to an existing cluster that already has a credential store, follow these steps to move the credential store from the non-clustered server:
       1. Use the keymgmt export command to copy the credential store data to a file.
       2. Rename the credstore.nsf file.
       3. Change the server document to specify the name of the existing cluster, and restart the server.
       4. Use the keymgmt create command to create a new credential store application.
       5. At another server in the existing cluster, use the keymgmt export and keymgmt import commands to examine the document encryption key in the server ID file.
       6. On the server you are moving, create a replica of the credential store application from the server where you confirmed the server ID file contains the correct document encryption key.
       7. Use the keymgmt import command to populate the new credential store replica with the copied credential store data from the file you created in step 1.
     - If you are moving a server that already has a credential store out of a cluster, follow these steps to move the credential store:
       1. Use the keymgmt export command to copy the credential store data to a file.
       2. Rename the credstore.nsf file.
       3. Change the server document to remove the server from the cluster, and restart the server.
       4. Use the keymgmt create command to create a new credential store application.
       5. Use the keymgmt import command to populate the new credential store replica with the copied credential store data from the file you created in step 1.
     - If you are moving a clustered server to a new cluster, and the moved server will become the first server in the new cluster, follow these steps to move the credential store:
       1. Use the keymgmt export command to copy the credential store data to a file.
       2. Rename the credstore.nsf file.
       3. Change the server document to specify the new cluster name, and restart the server.
       4. Use the keymgmt create command to create a new credential store application.
       5. Use the keymgmt import command to populate the new credential store application with the copied credential store data from the file you created in step 1.
     - If you are moving a clustered server to a different existing cluster, follow these steps to move the credential store:
       1. Use the keymgmt export command to copy the credential store data to a file.
       2. Rename the credstore.nsf file.
       3. Change the server document to remove the server from its original cluster, and restart the server.
       4. On the server you are moving, create a replica of the credential store application from another server in the target cluster where you have confirmed the server ID file contains the correct document encryption key.
       5. Use the keymgmt import command to populate the new credential store replica with the copied credential store data from the file you created in step 1.

Moving the credential store from a decommissioned server

About this task

Follow this procedure when you want to decommission a server and move an existing credential store application from the server being decommissioned to another (target) server.

Procedure

  1. Use the keymgmt export command to copy the credential store data to a file.
  2. If the server to which you are moving the credential store application (the target) is not clustered, use the keymgmt create command on the target server to create a new credential store application.
  3. Use the keymgmt import command to populate the credential store application on the target server with the copied credential store data from the file you created in step 1.