Resetting the HSM Server Configuration

When you reset your HSM configuration, keep the following in mind:

  • KeyControl permanently deletes all Admin keys stored on any HSM servers in the current configuration. Make sure you have downloaded the most recent Admin Key in case you need to restore your KeyControl system to its current state.
  • If any of your Cloud VM Sets use a KEK (Key Encryption Key), the KEKs will not be deleted. However, KeyControl will not be able to access those KEKs until you reconfigure the connection to the same partition on at least one of the HSM servers that you originally used. If a VM protected by a KEK is rebooted before the HSM server connection has been reestablished, the reboot will fail and the VM will not be accessible to any users. For more information, see KEKs with Cloud VM Sets.

    Important: You must disable the KEK setting in every KeyControl Vault for KMIP before you reset the HSM.

  • The KeyControl client on the HSM servers will not be deleted. If you want to remove the KeyControl client from the HSM server, you must do this manually on each HSM server in your configuration.
  • If you have enabled HSM Root-of-Trust, you cannot reset the HSM server configuration.

Procedure

  1. Log in to the KeyControl Vault Management webGUI using an account with Security Admin privileges.
  2. In the top menu bar, click Settings.
  3. In the System Settings section, click HSM Server Settings.
  4. Click Reset Server Settings and confirm the reset at the prompt.