Uninstalling existing software

Entrust recommends that you uninstall any existing older versions of Security World Software before you install new software. In Windows environments, if the installer detects an existing Security World Software installation, it asks you if you want to install the new components. These components replace your existing installation.

The automated Security World software installers do not delete user created components, key data, or Security World data. However, on Linux, a manual installation using .tar files does overwrite existing data and directories.

Before you uninstall the Security World Software, Entrust strongly recommends that you make a secure backup of any existing Security World and nShield configuration files. See the User Guide for more information.
Entrust recommends that you take a backup of your sshadmin key using hsmadmin keys backup (for keys that will be used on the same machine) or hsmadmin keys backup --passphrase (for keys that may be transferred to another machine) before uninstalling or deleting any software or data. If you erase your SSH keys without a backup, you will need to use recovery mode to recover your module which will return the HSM to factory state.
When upgrading the Security World Software, you do NOT need to delete key data or any existing Security World. If you want to do so for other reasons, see the User Guide for your module and operating system for more information. If you do delete Security World data, it cannot be restored unless you have an up-to-date backup and a quorum of the Administrator Card Set (ACS) is available.
The file nCipherKM.jar, if present, is located in the extensions folder of your local Java Virtual Machine. The uninstall process may not delete this file. Before reinstalling over an old installation, remove the nCipherKM.jar file. See the User Guide for your module and operating system for more about locating the Java Virtual Machine extensions folder.
You can only have a single Security World Software installation on a computer at a time
If you are downgrading a software authenticated client to a Security World Software earlier than version 12.60, the client will need to be re-enrolled as software-based authentication is not supported. See the Configuring the nShield Connect to use the client section in the nShield Connect User Guide for more information.
Entrust recommends that you do not uninstall the Security World Software unless you are either certain it is no longer required, or you intend to upgrade it.

Uninstalling the Security World Software on Windows

Before uninstalling the Security World software, you should back up your %NFAST_HOME% directory. Delete this backup after upgrading the Security World and confirming that the configuration files and any customizations are correct.

  1. Open the Control Panel and select Programs and Features.

  2. For the following programs, select Uninstall and follow the on-screen instructions:

    • nShield Security World Software

    • CyberJack Base Components

Uninstalling the Security World Software on Linux

Before uninstalling the Security World software, back up your $NFAST_HOME directory. This preserves your key management data, hardserver.d, and any data customizations.

When upgrading the Security World, restore the backup to preserve your PKCS #11 and Soft KNETI authentication settings and any customizations. If you delete the /opt/nfast directory without making a copy of it, you will lose these configuration settings.

When restoring a Security World from a backup, you need to maintain permissions.

If you are doing a clean reinstallation of the Security World software, ensure you backup the following files and folders before uninstalling:

  • /opt/nfast/kmdata

  • Your SSH keys in /opt/nfast/services (using hsmadmin keys backup).

Do not delete /etc/nfast/config nor the nfast and ncsnmpd users.

  1. Assume the nFast Administrator privileges or root privileges by running the command:

    $ su -
  2. Type your password, then press Enter.

  3. To remove drivers, install fragments, and scripts and to stop services, run the command:

    /opt/nfast/sbin/install -u
  4. Delete all the files (including those in subdirectories) in /opt/nfast and /dev/nfast/ by running the following commands:

    rm -rf /opt/nfast
    rm -rf /dev/nfast
  5. If you are not reinstalling the product, delete the configuration file /etc/nfast.conf if it exists.

  6. Unless needed for a new installation, remove the user nfast and, if it exists, the user ncsnmpd using sudo userdel and sudo groupdel. For example:

    sudo userdel ncsnmp
    sudo userdel nfast
    sudo groupdel ncsnmp
    sudo groupdel nfast

If required, you can safely remove the module after shutting down all connected hardware.