chkeyserverkeysecure

Use the chkeyserverkeysecure command to change the system-wide Gemalto SafeNet KeySecure (KeySecure) key server configuration.

Syntax

Read syntax diagramSkip visual syntax diagram chkeyserverkeysecure -sslcertcertificate_file-nosslcert-usernameuser_name-nousername-password'password'-nopassword-enable-disable

Parameters

-sslcert certificate_file
(Optional) Specifies the CA certificate that was used to sign the key server certificate.
-nosslcert
(Optional) Removes the existing CA certificate.
-username user_name
(Optional) Specifies the user name that is used for authentication with KeySecure. The value must be an alphanumeric string with a maximum of 64 characters.
-nousername
(Optional) Clears the user name that is used for authentication with KeySecure.
-password 'password'
(Optional) Specifies the password that is used for authentication with KeySecure. The value must be an alphanumeric string with a maximum of 64 characters. You must enclose the password in single quotation marks.
-nopassword
(Optional) Clears the password that is used for authentication with KeySecure.
-enable
(Optional) Enables the KeySecure key server type.
-disable
(Optional) Disables the KeySecure key server type.

Description

This command changes the KeySecure key server configuration.

Keep the following items in mind when you use this command:
  • The parameters -sslcert and -nosslcert are mutually exclusive.
  • The parameters -username and -nousername are mutually exclusive.
  • The parameters -password and -nopassword are mutually exclusive.
  • The parameters -sslcert, -username, and -password can be set while the status is disabled (or enabled).
  • The parameter -disable is mutually exclusive with all other parameters.

Some invocation examples

chkeyserverkeysecure -sslcert /tmp/keysecureCA.pem -enable

chkeyserverkeysecure -enable

chkeyserverkeysecure -sslcert /dumps/invalid_certificate.pem
CMMVC8794E Invalid certificate file.

chkeyserverkeysecure -nosslcert

chkeyserverkeysecure -enable
CMMVC9128E Cannot enable key server type because it would exceed the permitted number of enabled key server types.

chkeyserverkeysecure -disable
CMMVC9061E Cannot disable key server type because key server objects of this type exist.

chkeyserverkeysecure -username cryptoadmin -password 'ail4rthi45G1'

chkeyserverkeysecure -nousername -nopassword