What is process to change the nCipher Operator Card Set (OCS) in RSA Certificate Manager?
Originally Published: 2010-12-23
Article Number
Applies To
RSA Certificate Manager 6.7
nCipher Hardware Security Module (HSM)
nCipher NetHSM
Issue
Attempting to replace the current card set for RCM so we can create a remotely enabled set of cards. The previous card set was working properly but was not remotely enabled. Keysafe shows everything converted correctly. It shows the key recover count moved from the old cardset to the new cardset. Named the new cardset CA Systems OCS ? QA whereas the old cardset was named CA Systems OCS. The key files in kmdata/local show the new date.
Resolution
The OCS name is stored with the objects referring to nCipher based keys.
When you replace an OCS, the new OCS name should be the same as the original one. Let's say the original one was called OCS-1, you would created a new OCS called OCS-temp to replace OCS-1 and move all keys to OCS-temp, then remove the original OCS-1, and then create a new OCS called OCS-1 to replace OCS-temp and move all keys to the new OCS-1, and finally remove OCS-temp as it is no longer needed.
Related Articles
How to report OC admin activity immediately and forward it to Syslog? Number of Views A key recovery session only reads 1 card out of a 2 of 3 OCS then stops Number of Views When setting a lost password for a token and set by number of days and hours it is not applying the days only the hours Number of Views How to disable the RSA Via Lifecycle and Governance (L&G) Reassign functionality for violations generated from Rule Defini… Number of Views How to log back in if I lost my Key Manager admin password? Number of Views
Don't see what you're looking for?
