Changes to configuration properties or database values

Changes to some configuration properties in the SKLMConfig.properties file or in the IBM Security Key Lifecycle Manager database can occur dynamically.

Changes to other properties or database entries require that you restart the IBM Security Key Lifecycle Manager server before the change takes effect.

Depending on the change you intend to make, you might use the graphical user interface, command-line interface, or the REST interface. Not all properties in the SKLMConfig.properties file or in the IBM Security Key Lifecycle Manager database can be changed by using all the interfaces.

Table 1. Changes to configuration properties or database entries
Property	Installation sets default	Change requires server restart	Change available only in command-line interface or REST interface
Audit.event.outcome
Audit.eventQueue.max
Audit.event.types
Audit.handler.file.multithreads
Audit.handler.file.name
Audit.handler.file.size
Audit.handler.file.threadlifespan
Audit.isSyslog
Audit.syslog.server.host
Audit.syslog.server.port
Audit.syslog.isSSL
autoRestartAfterRestore
backup.keycert.before.serving
browse.root.dir
cert.valiDATE
config.keystore.name			You cannot modify this property by using the command-line or REST interface.
config.keystore.batchUpdateSize
config.keystore.batchUpdateTimer
config.keystore.ssl.certalias *
data.synchronizing.backup.password		(if changed manually)
data.synchronizing.svc.interval
data.synchronizing.svc.MaxBackupNum
debug		(if changed manually)
drive.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Key Lifecycle Manager database)
drive.default.alias1 (replaced by a device group attribute in the IBM Security Key Lifecycle Manager database)
drive.default.alias2 (replaced by a device group attribute in the IBM Security Key Lifecycle Manager database)
ds8k.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Key Lifecycle Manager database)
enableClientCertPush		(if changed manually)
enableHighScaleBackup		(if changed manually)
enableKeyRelease		(if changed manually)
enablePBEInHSM		(if changed manually)
fips		(if changed manually)
kmip.request.processing.hostNameLookup		(if changed manually)
KMIPListener.ssl.port *
lock.timeout
maximum.keycert.expiration.period.in.years
maxPendingClientCerts		(if changed manually)
pcache.refresh.interval	This property is optional in the configuration file. By default, its value is not set and IBM Security Key Lifecycle Manager uses the default time interval of 15 minutes.
pkcs11.pin		(if changed manually)
pkcs11.pin.obfuscated		(if changed manually)
pkcs11.pin.obfuscated		(if changed manually)
requireSHA2Signatures
rest.user.inactive_time		(if changed manually)
stopRoundRobinKeyGrps		(if changed manually)
suiteB
symmetricKeySet (an attribute in the IBM Security Key Lifecycle Manager database)
tklm.backup.db2.dir			You cannot modify this property by using the command-line or REST interface.
tklm.backup.dir	Running a backup adds this property to the configuration file.		You cannot modify this property by using the command-line interface or REST interface.
tklm.encryption.keysize		(if changed manually)
tklm.encryption.password	This is an internally used property. Do not change its value. You cannot modify this property by using the command-line or REST interface.
tklm.encryption.pbe.algorithm		(if changed manually)
tklm.lockout.attempts
tklm.lockout.enable
TransportListener.tcp.port
TransportListener.tcp.timeout
TransportListener.ssl.ciphersuites
TransportListener.ssl.clientauthentication
TransportListener.ssl.port *
TransportListener.ssl.protocols
TransportListener.ssl.timeout
Transport.ssl.vulnerableciphers.patterns
Transport.ssl.vulnerableciphers
useSKIDefaultLabels
zOSCompatibility
* If you set this value for the first time, restart is not required. If you later modify the value, restart is required.