Restoring Data72 Netscape Certificate Management System Command-Line Tools Guide • February 2003• During configuration, you still need to create new keys and certificates for anyservers that use the internal token. You only need to create these keys tocomplete the configuration process. Your signing, SSL, or DRM transportcertificates will be restored (replacing whatever you create during the newconfiguration) when you run the restore script.The user running the restore tool will probably need superuser (UNIX) orAdministrator (Windows NT) privileges. The user running the tool will needprivileges to do the following:• Read the backup zip archive• Create a temporary working directory in the directory where the archive islocated• Create directories and files in the server root and server instance directories(for example, if the CMS.cfg file needs to be restored)• Run the bak2db tool for any Netscape Directory Servers that are being restored• (UNIX) Change file ownership of the LDAP database backup files to theDirectory Server user. The Directory Server user is defined by the localuserparameter in slapd.conf. If the Directory Server user is different from the userrunning cmsrestore, the user running the tool must be able to run chown tochange the owner of the files to the LDAP server user (typically only thesuperuser has this privilege).The process of restoring data will require that some servers be stopped andrestarted. If any of your servers require passwords to start (for example, if theyneed to unlock the key database in order to listen for SSL requests), you will beprompted for the password. If any passwords have changed since you created thebackup archive, make sure you know the password that was valid at the time thearchive was created.Running the Restore ToolTo run cmsrestore:1. Log in to the machine where the CMS instance you want to restore is installedand open a command shell.2. Change to the CMS server instance directory in the server root. For example, ifyour server root is /usr/netscape/servers and the instance ID of the serveryou want to restore is cmsinstance:# cd /usr/netscape/servers/cert-cmsinstance