Verifying Your Integration
Perform the following steps to ensure the integration is successful:
Use the
mrhsm rekey
command on a CLDB node to rekey the common or core KEK, and use the core KEK to re-encrypt the CLDB and DARE keys. Run the following command with the appropriate parameters:mrhsm rekey -keytype core|common Specifies the key type, which is either core or common -sopin <so-pin> PIN for SO (Security Officer)
Rekeying the Core KEK also involves decrypting the CLDB and DARE keys using the existing Core KEK before generating a new Core KEK, and then re-encrypting the CLDB and DARE keys using the new Core KEK. This command only updates the KMIP configuration on the CLDB node on which this command was invoked.
After the successful re-keying operation, a new key is generated on the CipherTrust Manager with its version upgraded by one.