Known Issues and Workarounds in Cloudera Navigator Key HSM
Keys with certain special characters cannot be migrated from Key Trustee Server to Key HSM
If any existing key names in Key Trustee Server use special characters other than hyphen (-), period (.), or underscore (_), or begin with non-alphanumeric characters, the migration to Key HSM fails.
Workaround: Decrypt any data using the affected key names, and re-encrypt it using a new key name without special characters, and retry the migration.
Upgrading Key HSM removes init script and binary
Upgrading Key HSM from 1.4.x to 1.5.x and higher removes the Key HSM init script and /usr/bin/keyhsm binary.
$ sudo yum reinstall keytrustee-keyhsm
Key HSM cannot trust Key Trustee Server certificate if it has extended attributes
Key HSM cannot trust the Key Trustee Server certificate if it has extended attributes, and therefore cannot integrate with Key Trustee Server.
Workaround: Import the Key Trustee Server certificate to the Key HSM trust store using Java keytool instead of the keyhsm trust command.