|Applies To||RSA Certificate Manager (RCM)|
RSA Certificate Manager 6.7
nCipher Hardware Security Module (HSM)
|Issue||All keys but the Production CA key is protected by the Systems OCS cardset. The Production CA key is protected by what we call the Issuer OCS cardset.|
Attempting to replace the current card set for RCM so we can create a remotely enabled set of cards. The previous card set was working properly but was not remotely enabled. Keysafe shows everything converted correctly. It shows the key recover count moved from the old cardset to the new cardset. Named the new cardset CA Systems OCS ? QA whereas the old cardset was named CA Systems OCS. The key files in kmdata/local show the new date.
|Resolution||In order to use a different OCS, follow the instructions below.|
The OCS name is stored with the objects referring to nCipher based keys.
When you replace an OCS, the new OCS name should be the same as the original one. Let's say the original one was called OCS-1, you would created a new OCS called OCS-temp to replace OCS-1 and move all keys to OCS-temp, then remove the original OCS-1, and then create a new OCS called OCS-1 to replace OCS-temp and move all keys to the new OCS-1, and finally remove OCS-temp as it is no longer needed.
|Legacy Article ID||a53346|