If there are smart cards already pre-personalized in the KGS with an older key ID and these smart cards are still waiting to be personalized, then both the old keys and the new key will be required in the CF service. Two instances of either the pin.file or pin.cert parameters must then be set as described below in this section.
Create the PIN encryption software token
- Create a new PIN encryption key software token according to Issue software token in Certificate Manager.
Save the PIN encryption key software token file to a removable media and name it pin.p12.
Save the new PIN encryption certificate to a file on the same removable media and name it pin.cer.
- In the CF service, replace the old file <configuration_root>/certs/pin.p12 with the new file pin.p12. If the old file is still required, rename the new file. See Note at the start of the Task.
The PIN encryption software token must be configured in the CF service (or in all computers running CF in case of a distributed configuration).
- In cm.conf:
- Set the parameter
pin.file
to the path and name the new PIN key. - Set the parameter
pin.pin
to avoid manual intervention during start of CM servers.
- Restart the system in order to make the changes take effect.