Changing the primary key server

You can change which configured key server is the primary key server with the management GUI or the command-line interface. One key server must be configured as the primary key server on the system and in IBM Security Key Lifecycle Manager. The primary key server copies encryption keys to any additional key servers that are configured for the system. Usually you need to change the primary key server only if the primary key server changes on the IBM Security Key Lifecycle Manager.

Using the management GUI

To change which key server is the primary key server, complete these steps:
  1. In the management GUI, select Settings > Security > Encryption.
  2. Expand Key Servers, right-click a key server that is not marked as the primary, and select Make Primary.
  3. The selected key server is now the primary key server.

Using the command-line interface

To change which key server is the primary key server, complete these steps:
  1. To list all the configured key servers and to determine the primary key server, enter the following command:
    lskeyserver
    From the displayed results, verify the IP address and name of the key server that is to be designated as the new primary key server.
  2. To change the primary key server, enter the following command:
    chkeyserver -primary id
    where id is the ID of the new primary key server. The previous primary key server is removed automatically as the primary.
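
The check in step 1 can be scripted before the change is made. The following is an added example, not IBM-supplied code: it parses a captured key server listing, confirms that the chosen ID exists and is not already the primary, and prints the command from step 2. It assumes the listing was captured with `lskeyserver -delim ,` and that the header row contains the columns id, name, IP_address and primary; the sample listing and the helper names field, current_primary and plan_change are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check before `chkeyserver -primary <id>`.
# Assumption: `lskeyserver -delim ,` prints a header row that includes the
# columns id, name, IP_address and primary (primary is yes/no).

# Constructed sample listing; on a real system, capture the command output.
SAMPLE='id,name,status,err_seq_num,IP_address,port,type,cert_set,primary
0,keyserver0,online,,192.0.2.10,5696,isklm,yes,yes
1,keyserver1,online,,192.0.2.11,5696,isklm,yes,no'

# field <listing> <id> <column>: value of <column> in the row with that id.
field() {
    printf '%s\n' "$1" | awk -F, -v id="$2" -v col="$3" '
        NR == 1 { for (i = 1; i <= NF; i++) idx[$i] = i; next }
        (col in idx) && $(idx["id"]) == id { print $(idx[col]) }'
}

# current_primary <listing>: ids of rows marked primary=yes, one per line.
current_primary() {
    printf '%s\n' "$1" | awk -F, '
        NR == 1 { for (i = 1; i <= NF; i++) idx[$i] = i; next }
        $(idx["primary"]) == "yes" { print $(idx["id"]) }'
}

# plan_change <listing> <new_id>: print the command to run, or fail with
# status 1 (unknown id) or 2 (already primary). Details go to stderr.
plan_change() {
    name=$(field "$1" "$2" name)
    ip=$(field "$1" "$2" IP_address)
    if [ -z "$name" ]; then
        echo "no key server with id $2" >&2
        return 1
    fi
    if [ "$(field "$1" "$2" primary)" = "yes" ]; then
        echo "key server $2 ($name) is already the primary" >&2
        return 2
    fi
    echo "current primary: id $(current_primary "$1")" >&2
    echo "new primary:     id $2, name $name, IP $ip" >&2
    echo "chkeyserver -primary $2"
}

plan_change "$SAMPLE" 1
```

After running the printed command on the system, running `lskeyserver` again should show the new ID as the only primary.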