The third step of the process occurs on the Existing SAKA node whose MASK file was used in step N-2-16. Migration keys are created for all encryption domain keys to be imported on the NEW node
- Login as 'strongauth' into the SAKA
- Startup 2 shell windows
- In Window2, go the /usr/local/strongauth/<payara-version>/glassfish/domains/domain1/logs directory
shell> cd /usr/local/strongauth/<payara-version>/glassfish/domains/domain1/logs
- In Window2, run the tail -f command on the server.log file
shell> tail -f server.log
- In Window1, change directory to /usr/local/strongauth/bin
shell> cd ~/bin
- In Window1, execute the KMTool.sh
shell> ./KMTool.sh
- Using the Red, Green and Blue flash-drives, set the PINs for the three Key Custodians to authorize access to the TPM. Select a domain to migrate the key from and use the Domain Administrator's Credentials to authorize the migration of the Encryption Domain Key. Using the MASK file generated in step N-2-16, create the Migration Key Blob. Repeat these steps for each domain key to be migrated.