As explained in Configuring and deploying Certificate Authorities, the Vendor field of the HSM configuration page allows selecting the following hardware security modules.

| Vendor | Description |
|---|---|
| none | A built-in software PKCS #11 module (not recommended). |
| nshield | An Entrust nShield HSM. See HSM requirements for the supported versions. |

On test environments, you can change the Vendor parameter value of an already deployed Certificate Authorities solution.
Changing vendor from none to nShield
See below for changing the value of the Vendor parameter from none to nShield.
To change the vendor from none to nShield
- Create a new database, as explained in Creating the Certificate Authorities database, or recreate the public schema of the database.
- Run the following command.
  sudo kubectl delete namespace pkihub-v202410180954
- Set the Vendor field of the HSM configuration page to nShield.
- Save the configuration.
- Redeploy the solution.
Changing vendor from nShield to none
See below for changing the value of the Vendor parameter from nShield to none.
Use pkihub as the solution identifier when running the clusterctl solution config export and clusterctl solution config import commands.
To change the vendor from nShield to none
- Create a new database, as explained in Creating the Certificate Authorities database, or recreate the public schema of the database.
- Run the following command.
  sudo kubectl delete namespace pkihub-v202410180954
- Set the Vendor field of the HSM configuration page to none.
- Save the configuration.
- Export the configuration files with the clusterctl solution config export command.
- Delete the config folder of the HSM installation.
- Delete the kmdata.tar file of the HSM installation.
- Import the configuration files with the clusterctl solution config import command.
- Redeploy the solution.