If an OpenEdge database is already enabled with HSM authentication for TDE, you can disable the HSM option online.

To remove HSM support from a TDE-enabled database, use: 

proutil testdb -C epolicy manage keystore DisableHSM {hsm-config}[resume] -HSMLibrary <path> -HSMSlotID <slotID_text> -HSMLabel <labelID_text>

In the command, specify a token identifier and either Slot ID or Label ID, but not both. If you lose access or connectivity while the command is running, you can run it again. If the command to disable HSM is running, you cannot run other HSM commands.

For details, see PROUTIL EPOLICY MANAGE qualifier.

Note: Disabling HSM may generate a new version of the keystore, which affects replication and hot standby. See Ensure that replication or hot standby target can access HSM.

If a DBA disables HSM support in the database, it cannot be enabled again until the HSM administrator resets the HSM token to its original initialized state. (OpenEdge validates that no other database is using the HSM token before allowing HSM enablement.)