It's a manual process.
Unless you're using an HSM (Hardware Security Module, aka hardware SSL accelerator), the keys will be stored on disk in the:
use the rcon command
show ssldecr keys
It'll list which keys are loaded, and show which ones are actually being used for traffic. You can then remove the keys from the keylist file and then delete the keys from disk.
If you are using an HSM, you should follow the instructions with the card, as each card has its own command line tools for key management.
Thanks for your quick response Chris! Unfortunately I'm a DCRUM newb and forgot to mention that we're using an nCipher HSM.
I've found multiple examples of how to load a key and have done that successfully but have been unable to find anything related to the card. I'll hit up our company reps and see if anyone can more info.
Thanks again for your help.
Hi Jc W,
As Chris said, it's a manual process, and the following is what I've done in our environment.
rm -rf /usr/adlex/config/keys/whateverSSL.pem.bak
Hope this helps, from newbie to newbie 🙂
Using an nCipher SSL card, when you import an SSL key, the tool creates a file "key_pkcs11_*" in the folder "/opt/nfast/kmdata/local".
See example of output:
Key successfully imported.
Path to key:
I would say deleting the good "key_pkcs11_*" file will make the card not use the related SSL private key stored in the nCipher SSL card.