mrhsm remove

Removes specified components of the KMIP configuration.

Use the mrhsm remove command to remove various components of the KMIP configuration or to set them to their default values.
NOTE
You must set all components of the KMIP configuration to enable communication with the external KMIP-enabled key store. Therefore, if you remove any component, use the mrhsm set command to reconfigure the settings, and then re-enable the HSM.

Syntax

# mrhsm remove
  [ -cacert ]            Remove configured CA certificate
  [ -clientcert ]        Remove configured client certificate
  [ -clientkey ]         Remove configured client private key
  [ -ip ]                Remove IP addresses
  [ -kmipversion ]       Remove KMIP version. Reverts to 1.1
  [ -port ]              Remove KMIP port number. Reverts to 5696.
  -sopin <so-pin>        PIN for SO (Security Officer)

Parameters

cacert

The full or relative path name of the CA certificate chain in PEM format used to sign the KMIP server certificate. The Data Fabric KMIP client enforces peer validation and requires the CA certificate chain to verify the KMIP server.

clientcert

The full or relative path name of the client certificate in PEM format.

clientkey

The full or relative path name of the client private key used to generate the client CSR.

ip
A comma-separated list of host names or IP addresses of KMIP servers. Most KMIP deployments have at least two KMIP servers in the HSM cluster for reliability and high availability.
kmipversion

The KMIP version to use when communicating with the external KMIP -enabled key management appliance. Supported values are 1.0, 1.1, 1.2, 1.3 and 1.4

port
The listening port number of the KMIP server. All KMIP servers in the HSM cluster must listen to the same port. Port numbers must be from 1-65535 inclusive and cannot start with a 0.

Default is 5696.

sopin
The PIN for the Security Officer.