chkeyserverkeysecure

Use the chkeyserverkeysecure command to change the system-wide Gemalto SafeNet KeySecure (KeySecure) key server configuration.

Syntax

chkeyserverkeysecure { [ { -sslcertcertificate_file | -nosslcert } ] | [ { -usernameuser_name | -nousername } ] | [ { -passwordpassword | -nopassword } ] | -enable } [ -disable ]

Parameters

-sslcertcertificate_file
(Optional) Specifies the CA certificate that was used to sign the key server certificate.
-nosslcert
(Optional) Removes the existing CA certificate.
-usernameuser_name
(Optional) Specifies the user name that is used for authentication with KeySecure. The value must be an alphanumeric string with a maximum of 64 characters.
-nousername
(Optional) Clears the user name that is used for authentication with KeySecure.
-passwordpassword
(Optional) Specifies the password that is used for authentication with KeySecure. The value must be an alphanumeric string with a maximum of 64 characters.
-nopassword
(Optional) Clears the password that is used for authentication with KeySecure.
-enable
(Optional) Enables the KeySecure key server type.
-disable
(Optional) Disables the KeySecure key server type.

Description

This command changes the KeySecure key server configuration.

Keep the following items in mind when you use this command:
  • The parameters -sslcert and -nosslcert are mutually exclusive.
  • The parameters -username and -nousername are mutually exclusive.
  • The parameters -password and -nopassword are mutually exclusive.
  • The parameters -sslcert, -username, and -password can be set while the status is disabled (or enabled).
  • The parameter -disable is mutually exclusive with all other parameters.

Some invocation examples

chkeyserverkeysecure -sslcert /tmp/keysecureCA.pem -enable

chkeyserverkeysecure -enable

chkeyserverkeysecure -sslcert /dumps/invalid_certificate.pem
CMMVC8794E Invalid certificate file.

chkeyserverkeysecure -nosslcert

chkeyserverkeysecure -enable
CMMVC9128E Cannot enable key server type because it would exceed the permitted number of enabled key server types.

chkeyserverkeysecure -disable
CMMVC9061E Cannot disable key server type because key server objects of this type exist.

chkeyserverkeysecure -username cryptoadmin -password ail4rthi45G1

chkeyserverkeysecure -nousername -nopassword
Parent topic: Encryption commands
Related information
chencryption
chkeyserver
chkeyserverisklm
lsencryption
lskeyserver
lskeyserverisklm
lskeyserverkeysecure
mkkeyserver
rmkeyserver
testkeyserver