Disabling encryption with key servers

Encryption with key servers can be disabled using either the management GUI or the command-line interface.

Note: For security, encryption methods (including the recovery key) can only be disabled when physically connected to the technician port on the configuration node.

Using the management GUI

When disabling encryption using the management GUI, encryption using key servers is automatically disabled in the process. See Decommissioning encryption for instructions on disabling encryption using the management GUI.

To disable only key servers, refer to the instructions described in "Using the command-line interface".

Using the command-line interface

Follow these steps to disable encryption using key servers:
  1. Identify the configuration node of the system. For more information, see Configuration node.
  2. Connect your computer to the technician port of the configuration node. For more information, see Node canisters
  3. In a terminal window, use Secure Shell (SSH) software to connect to the cluster IP address of the system and authenticate using the credentials of any user with the SecurityAdmin role:
    ssh username@cluster_ip

    For more information, see Connecting to the CLI with OpenSSH.

  4. To disable the encryption using key server, enter the following command:
    chencryption -keyserver disable
    For more information, see chencryption command.

    Encryption using key server has been disabled successfully when the keyserver_pmk_uid field is blank and the keyserver_status field is licensed. For more information, see lsencryption command.