Disable HSM support on a managed DNS Server and withdraw it from the HSM Security World.
A managed BlueCat DNS Server can perform zone signing using either DNSSEC-HSM or standard DNSSEC—not both. Once a BlueCat DNS Server has been configured for HSM zone signing, it can't be used for standard DNSSEC zone signing. If you withdraw a managed DNS Server from the HSM Security World and wish to repurpose it for standard DNSSEC, it must be re-imaged.
To disable HSM on managed DNS Servers:
- Select the Servers tab in the sidebar, then select Servers.
- Select the row containing the managed DNS Server in the Servers table, then select Edit in the expanded details section.
- Under HSM Support, clear the Enable HSM Support checkbox. The Edit Server window refreshes to remove your HSM configuration and HSM drop-down menu.
- In the Change control section, add comments if required.
- Select Save.
The expanded details section for the server will display
Disabled under HSM support—this confirms that HSM has been disabled on
the DNS Server.