Switching Key Stores

Verify individual vendor’s requirement

When using a Key Store (HSM) provided by a specific vendor, consult the vendor to ensure that the infrastructure in place can handle any issues with the Key Store. Issues can include data loss or breakdowns. With the required measures in place, minimal impact to the business critical data and the involved processes can be ensured. Ensure that you follow the best practices specified by the vendor for business continuity.

Before you begin

If you are switching between Key Stores, then ensure that you take a backup of the policy management-related data.
For more information about backup and restore of Policy Management, refer to the section Working with Backup and restore. If you encounter failures when working with the new Key Store, then you can switch to the previous Key Store by following the guidelines specified by the corresponding vendor.

Note: It is recommended that before switching to a Key Store, you test it.

To switch Key Stores:

1. On the ESA Web UI, navigate to Key Management > Key Stores.

   The Key Stores screen appears.

2. In the Action column, click Set As Active next to the Key Store that you want to activate.
   The corresponding Key Store is activated. For an active Key Store, the Set As Active button is grayed out.

3. To verify that the Key Store has been activated, navigate to Key Management > Master Keys.
   In the Current key info section, the Generated By field displays the name of the Key Store that has generated the Master Key.