Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

ProtectServer 3 HSM and ProtectToolkit 7
ProtectServer 2 HSM and ProtectToolkit 5
ProtectServer 3 HSM Integration Guides

All

All

CyberArk Vault

Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM

ProtectServer 3 HSM Integration Guides
Apache Tomcat
- Overview
- Getting started
- Generating a new SSL certificate and key on a ProtectServer 3 HSM
CyberArk Vault
- Overview
- Getting started
- Generating a CyberArk Vault server key on a ProtectServer 3 HSM
- Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM
HashiCorp Vault
- Overview
- Getting started
- Configuring HashiCorp Vault
- Rotating HashiCorp Vault Keys
Microsoft Active Directory Certificate Services (ADCS)
- Overview
- Getting started
- Installing Microsoft ADCS on Windows Server using SafeNet KSP
- Enrolling the certification authority certificate
- Archiving the CA key
- Performing a key recovery
Microsoft Online Certificate Status Protocol (OCSP)
- Overview
- Getting started
- Setting up an enterprise root certificate authority
- Installing the Online Responder service
- Configuring CA to issue OCSP response signing certificates
- Creating a revocation configuration
- Verifying auto-enrollment
- Validating OCSP integration
- Troubleshooting
OpenSSL
- Overview
- Getting started
- Configuring OpenSSL and GemEngine for a ProtectServer 3 HSM
Oracle Database Transparent Data Encryption (TDE)
- Overview
- Getting started
- Granting the Oracle Database access to the PKCS#11 library
- Configuring a master encryption key for HSM-based encryption
- Verifying that the master encryption key is encrypting the database

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

Home
ProtectServer 3 HSM Integration Guides
CyberArk Vault
Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM

Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM

This section describes how to migrate an existing CyberArk Vault top-level encryption key (server key) to a ProtectServer 3 HSM. Before beginning the integration, make sure that the Vault has been configured and the Vault Server has been shut down. For more information about configuring the Vault, refer to step 6 of To set up your environment for the integration.

To migrate an existing CyberArk Vault server key to the ProtectServer 3 HSM

Run the following command to load the server key onto the ProtectServer 3 HSM:

CAVaultManager.exe LoadServerKeyToHSM /WrapKey

CyberArk Vault Manager generates a new key pair. The public key is used to encrypt the server key and the private key decrypts the server key on the HSM device. The private key is deleted from HSM when the server key is unwrapped.
Verify that the server key was migrated to the HSM slot by running the following command:

ctkmu l -s<slot> [-v] [-n<name>]
Open dbparam.ini and set the value of the ServerKey parameter to HSM.
Start the PrivateArk Server and log on.

This completes the integration of CyberArk Vault with a ProtectServer 3 HSM.

On this page

ProtectServer HSM and ProtectToolkit

© Copyright 2019-2024, Thales Group
Last Updated: 2024-11-05 11:15:59

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Document Conventions
- Support Contacts
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com