Moving a single-server credential store to an existing clustered credential store

Follow these steps move a non-clustered server and credential store to an existing cluster and credential store.

About this task

In this procedure, original server refers to the server you are moving to the cluster and target server refers to one server in the cluster.

Procedure

  1. From the original server, use the following server console command to export the data in its credential store to a new database in the local data directory: 
    keymgmt export credstore <database> <target_server>
    where
    • <database> is the name of a new database to store the data.
    • <target_server> is the Notes hierarchical name of the target server in the cluster.
    For example: 
    keymgmt export credstore credstorecopy.nsf hubserver/renovations
  2. Copy the new database to the target server data directory.
  3. From the original server, rename the credstore.nsf file. For example, rename it to credstore_orig.nsf
  4. Change the Server document of the original server to specify the name of the cluster and then restart the server.
  5. Replicate credstore.nsf from the target server to the original server.
  6. From the target server, export the named encryption key in the server ID file and save it to a key file in the program directory: 
    keymgmt export nek <nekname> <nekname>.key <password>
    where <nekname> is the key name, <nekname>.key is the name of the key file to create, and <password> is a password for the key file.
    For example: 
    keymgmt export nek credstorekey credstorekey.key passw0rd
    Verify that you see a message similar to the following one indicating that the export was successful: 
    5558:0006-4A64] 06/12/2020 09:07:42.69 AM NEK > NEK credstorekey - Fingerprint A8C5 9018 C714 3F05 E574 93D9 5E70 005A 5371 4A71
[5558:0006-4A64] NEK credstorekey exported successfully
  7. Copy the key file from the target server program directory to the original server program directory.
  8. From the original server, import the named encryption key in the key file into the server ID file: 
    keymgmt import nek overwrite <nekname>.key <password>
    where <nekname>.key is the name of the key file and <password> is the password for the key file. For example: 
    keymgmt import nek overwrite credstorekey.key passw0rd
  9. From the target server, populate the target server credential store with the credential store data from the original server that you exported and copied in steps 1 and 2: 
    keymgmt import credstore <database>
    where <database> is the name of the database with the exported data. For example:
    keymgmt import credstore credstorecopy.nsf