Migrate Existing Server Key to HSM

To migrate the existing server key to Utimaco HSM:

  1. Complete the steps given in 5.1 Configure CyberArk Vault to use Utimaco HSM.

  2. Stop the PrivateArk Server service.


Stop services of PrivateArk Server

  3. Navigate to the C:\Program Files (x86)\PrivateArk\Server folder, then open cmd as administrator.

  4. Using CAVaultManager, run the LoadServerKeyToHSM command to upload the server key to the Utimaco HSM.

CAVaultManager.exe LoadServerKeyToHSM /WrapKey



Migrate Server Key to HSM

Ensure that the result confirms that the server key has been uploaded to the HSM:

  5. Verify that the keys have been uploaded to Utimaco HSM using p11tool2.

p11tool2 slot=0 LoginUser=ask ListObjects



Key list

  6. Open the DBParm.ini file located at C:\Program Files (x86)\PrivateArk\Server\Conf.

  7. Set the ServerKey=HSM parameter.


ServerKey=HSM

  8. Save the file.

  9. Start the PrivateArk Server service and verify that there are no errors in the console.

  10. Verify that you can log on to the Vault using CyberArk authentication.


Logon to Vault using CyberArk authentication

This completes the integration for CyberArk Vault with Utimaco SecurityServer.
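
The migration steps above as a single guarded PowerShell run, added here as an example (it is not CyberArk or Utimaco code). It assumes the service display name is "PrivateArk Server", that CAVaultManager returns a non-zero exit code on failure, and that p11tool2 is on the PATH; the backup file name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example; not CyberArk or Utimaco code.
# Assumptions: the service display name, a non-zero exit code on failure,
# p11tool2 on the PATH, and the backup file name (hypothetical).
$ErrorActionPreference = 'Stop'
$serverDir = 'C:\Program Files (x86)\PrivateArk\Server'
$dbParm    = Join-Path $serverDir 'Conf\DBParm.ini'
$svcName   = 'PrivateArk Server'

# The Vault must be stopped before the server key is moved.
$svc = Get-Service -DisplayName $svcName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -InputObject $svc
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
}

# Load the server key into the HSM. Abort on failure so that DBParm.ini
# is never pointed at an HSM that does not hold the key.
Push-Location $serverDir
try {
    & .\CAVaultManager.exe LoadServerKeyToHSM /WrapKey
    if ($LASTEXITCODE -ne 0) { throw "LoadServerKeyToHSM failed (exit code $LASTEXITCODE)" }
} finally { Pop-Location }

# List the HSM objects (prompts for the user PIN); the operator confirms the key is there.
& p11tool2 slot=0 LoginUser=ask ListObjects
if ((Read-Host 'Is the server key listed on the HSM? (y/n)') -ne 'y') {
    throw 'Key not confirmed on the HSM; DBParm.ini left unchanged.'
}

# Back up DBParm.ini, then set ServerKey=HSM (replace the existing line or append one).
Copy-Item $dbParm "$dbParm.pre-hsm.bak"
$lines = @(Get-Content $dbParm)
if ($lines -match '^\s*ServerKey\s*=') {
    $lines = $lines -replace '^\s*ServerKey\s*=.*$', 'ServerKey=HSM'
} else {
    $lines += 'ServerKey=HSM'
}
Set-Content -Path $dbParm -Value $lines

# Start the Vault again; a timeout here means the service did not come up.
Start-Service -DisplayName $svcName
(Get-Service -DisplayName $svcName).WaitForStatus('Running', [TimeSpan]::FromMinutes(2))
```

The logon check with CyberArk authentication is still done by hand after the script finishes.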