ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahudcmbackuprecover.htm

95 lines
6.7 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Backup and recovery considerations for DCM data" />
<meta name="abstract" content="Use this information to learn how to ensure that important DCM data is added to your backup and recovery plan for your system." />
<meta name="description" content="Use this information to learn how to ensure that important DCM data is added to your backup and recovery plan for your system." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aagetstarteddcm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4apcaanotherdcm.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="dcm_backup_recover" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Backup and recovery considerations for DCM data</title>
</head>
<body id="dcm_backup_recover"><a name="dcm_backup_recover"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Backup and recovery considerations for DCM data</h1>
<div><p>Use this information to learn how to ensure that important DCM
data is added to your backup and recovery plan for your system.</p>
<p>The encrypted key database passwords that you use to access certificate
stores in Digital Certificate Manager (DCM) are stored, or <em>stashed</em>,
in a special security file on your system. When you use DCM to create a certificate
store on your system, DCM automatically stashes the password for you. However,
you need to manually ensure that DCM stashes certificate store passwords under
certain circumstances. </p>
<p>An example of one such circumstance is when you use DCM to create a certificate
for another <span class="uicontrol">iSeries</span> system and you choose to use the
certificate files on the target system to create a new certificate store.
In this situation, you need to open the newly created certificate store and
use the <span class="uicontrol"> Changepassword</span> task to change the password
for the certificate store on the target system, which ensures that DCM stashes
the new password. If the certificate store is an Other System Certificate
Store, you should also specify that you want to use the <span class="uicontrol">Auto login</span> option
when you change the password. To learn more about using DCM to create certificates
for other <span class="keyword">iSeries™</span> systems,
see Use a Local CA to issue certificates for other <span class="keyword">iSeries</span>
systems. </p>
<p>Additionally, you must specify the <span class="uicontrol">Auto login</span> option
whenever you change or reset the password for an Other System Certificate
Store.</p>
<div class="p">To ensure that you have a complete backup of critical DCM data, you must
do the following: <ul><li>Use the save (SAV) command to save all <samp class="codeph">.KDB</samp> and <samp class="codeph">.RDB</samp> files.
Every DCM certificate store is comprised of two files, one with a <samp class="codeph">.KDB</samp> extension
and one with a <samp class="codeph">.RDB</samp> extension.</li>
<li>Use the save system (SAVSYS) command and the save security data (SAVSECDTA)
command to save the special security file that contains the key database passwords
for certificate store access. To restore the DCM password security file, use
the restore user profiles (RSTUSRPRF) command and specify <samp class="codeph">*ALL</samp> for
the user profile (USRPRF) option.</li>
</ul>
</div>
<p>Another recovery consideration concerns the use of the SAVSECDTA operation
and the potential for the current certificate store passwords to become out
of sync with the passwords in the saved DCM password security file. If you
change the password for a certificate store after you do a SAVSECDTA operation,
but before you restore the data from that operation, the current certificate
store password will be out of sync with the one in the restored file. </p>
<p>To avoid this situation, you must use the <span class="uicontrol">Change password</span> task
(under <span class="uicontrol">Manage Certificate Store</span> in the navigation frame)
in DCM to change certificate store passwords after you restore the data from
a SAVSECDTA operation to ensure that you get the passwords back in sync. However,
in this situation do not use the <span class="uicontrol">Reset Password</span> button
that displays when you select a certificate store to open. When you attempt
to reset the password, DCM tries to retrieve the stashed password. If the
stashed password is out of sync with the current password, the reset operation
will fail. If you do not change certificate store passwords often, you may
want to consider doing a SAVSECDTA every time you change these passwords to
ensure that you always have the most current stashed version of the passwords
saved in case you ever need to restore this data.</p>
<p> </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4aagetstarteddcm.htm" title="Use this information to help you decide how and when you might use digital certificates to meet your security goals. Use this information to learn about any prerequisites you need to install, as well as other requirements that you must consider before using DCM.">Plan for DCM</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzahurzahu4apcaanotherdcm.htm" title="Review this information to learn how to use a private Local CA on one system to issue certificates for use on other iSeries systems.">Use a Local CA to issue certificates for other iSeries systems</a></div>
</div>
</div>
</body>
</html>