Disabling HSM on managed DNS Servers - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

Disable HSM support on a managed DNS Server and withdraw it from the HSM Security World.

A managed BlueCat DNS Server can perform zone signing using either DNSSEC-HSM or standard DNSSEC—not both. Once a BlueCat DNS Server has been configured for HSM zone signing, it can't be used for standard DNSSEC zone signing. If you withdraw a managed DNS Server from the HSM Security World and wish to repurpose it for standard DNSSEC, it must be re-imaged.

To disable HSM on managed DNS Servers:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Under Servers, click the name of the managed DNS Server on which you wish to disable HSM.
  4. Click the DNS server name menu and select Edit.
  5. Under HSM Support, deselect the check box, Enable HSM Support. The Edit Server page refreshes to remove your HSM configuration and HSM drop-down menu.
  6. Under Change Control, add comments, if required.
  7. Click Update.
In the General section of the Details tab, you will see Enable HSM Support: No — this confirms that HSM has been disabled on the DNS Server.