Moving back to file store-based encryption
After private key of host ID certificate is encrypted using HSM and if it is required to move out of HSM, the private key can be encrypted using keys that are stored on file systems. Note that the file store-based encryption is the default option.
To move back to file store-based encryption
- Run the following command to change the NetBackup configuration parameter:
'nb_cipher_keystore_type' #nbsetconfig nbsetconfig > NB_CIPHER_KEYSTORE_TYPE = nbsetconfig >
- Run the following command to rotate the passphrase key:
nbcertcmd -rotatepassphrasekey
- Use the nbcertcmd -listcertdetails command to list the host ID certificate details.
Check the 'Private Key Encryption State' to ensure that the passphrase of the host ID certificate's private key is encrypted using file store.