If you want to fully backup your Symantec Security Information Manager (SSIM), you need to also save your certificate.
The certificate is used to digitally sign the event archive. When you get an audit you need to show the auditor that the archive was not tempered, to do so you can verify the archive in the WebUI.
To export your certificate (you need to verify first in WebUI the exact label name you are using). By default the certificate is called SESA.
Exporting (backup) key.kdb file to another file sesa2.kdb (db) and setting password symantec for the kdb file (at ssh prompt):
gsk7cmd.ssim -cert -export -db /etc/symantec/ses/key.kdb -pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -label SESA -type cms -target sesa2.kdb -target_pw symantec -target_type cms
Once this is done you need to copy/backup to a safe location the file called sesa2.kdb.
Importing certificate SESA from the exported key.db and setting the label to test9552 (at ssh prompt)
gsk7.ssim -cert -import -db sesa2.kdb -pw symantec -type cms -target /etc/symantec/ses/key.kdb -target_pw `/opt/Symantec/simserver/bin/get_stash_pwd.pl /etc/symantec/ses/key.sth` -target_type cms -label SESA -new_label test9552
It is required before doing command above to have a good understanding of SSIM and certificates. Running any of commands above could potentially affect the running certificate of your appliance. Do test those commands in pre-production environment before attempting to do so in a production.
GSKCapiCmd User’s Guide
GSK7c_CapiCmd_UserGuide.pdf (274.2 KB)