Product Documentation

The third step of the process occurs on the Existing SAKA node whose MASK file was used in step N-2-16. Migration keys are created for all encryption domain keys to be imported on the NEW node

  1. Login as 'strongauth' into the SAKA
  2. Startup 2 shell windows
  3. In Window2, go the /usr/local/strongauth/<payara-version>/glassfish/domains/domain1/logs directory
    shell> cd /usr/local/strongauth/<payara-version>/glassfish/domains/domain1/logs
  4. In Window2, run the tail -f command on the server.log file
    shell> tail -f server.log
  5. In Window1, change directory to /usr/local/strongauth/bin
    shell> cd ~/bin
  6. In Window1, execute the KMTool.sh
    shell> ./KMTool.sh
  7. Using the Red, Green and Blue flash-drives, set the PINs for the three Key Custodians to authorize access to the TPM. Select a domain to migrate the key from and use the Domain Administrator's Credentials to authorize the migration of the Encryption Domain Key. Using the MASK file generated in step N-2-16, create the Migration Key Blob. Repeat these steps for each domain key to be migrated.