Entrust nShield: Configuring and Launching the Hardserver
  • 13 Jan 2025

Hardserver configuration involves the following utilities:

  • /opt/nfast/bin/config-serverstartup: configures the [server_startup] values.
  • /opt/nfast/bin/nethsmenroll: configures the [nethsm_imports] values.
  • /opt/nfast/bin/enquiry: tests the hardserver settings.
  • /opt/nfast/sbin/init.d-ncipher: launches, restarts, or stops the hardserver. This utility takes one of the following arguments:

    • start
    • restart
    • stop

To configure and launch the hardserver

  1. Set the required default hardserver port settings (i.e. those defined in the [server_startup] section) with the following command:

    /opt/nfast/bin/config-serverstartup -sp

  2. Test the new hardserver settings to verify that the port settings are correct. To do so, run:

    /opt/nfast/bin/enquiry

  3. Register the HSM via the following command:

    /opt/nfast/bin/nethsmenroll remote_ip

    where remote_ip is the IP address of the HSM.

  4. Launch the hardserver:

    /opt/nfast/sbin/init.d-ncipher start

    Depending on your Linux distribution, you may need to enable and configure this service to start automatically after server restarts.

Whenever you need to re-configure the hardserver startup or port settings (i.e. via the /opt/nfast/bin/config-serverstartup command), you need to restart the hardserver with the following command:

/opt/nfast/sbin/init.d-ncipher restart

Hardserver settings are defined in /opt/nfast/kmdata/config/config.

The table "Typical hardserver settings" lists the settings that should be configured in the hardserver configuration file.

Table: Typical hardserver settings

| Section | Setting | Description |
|---|---|---|
| [server_startup] | nonpriv_port | The port through which the hardserver should listen for non-privileged TCP connections. The default value is 9000. |
| | priv_port | The port through which the hardserver should listen for privileged TCP connections. The default value is 9001. |
| [nethsm_imports] | local_module | The module number of the imported HSM. |
| | remote_ip | The IP of the HSM. |
| | privileged | The connection type (privileged vs. non-privileged) the hardserver should use to connect to the HSM. The default value is 0 (non-privileged). |
| | remote_esn | The serial number of the HSM. |

The privileged setting must be 1 (privileged) if the host is the first client that loads the keys into the SEE module. After the keys are created and the SEE module has been uploaded, you can set privileged back to the default value 0 (non-privileged) to improve security.
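
To check that no HSM import was left privileged after key loading, the following added example (not part of the Entrust documentation or tooling) lists every [nethsm_imports] entry that still has privileged=1. It assumes the configuration file holds key=value lines under bracketed section headers, with entries in a section separated by a line of dashes; the function name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: list [nethsm_imports] entries still set to privileged=1.
# Assumed file format: key=value lines under [section] headers, with the
# entries of one section separated by a line of dashes.

# Prints "local_module remote_ip" per privileged entry.
# Returns 0 if none, 1 if any were found, 2 if the file is unreadable.
audit_privileged_imports() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    awk '
        function emit() {   # close the current entry, report it if privileged
            if (insec && priv == "1") { print mod, ip; found = 1 }
            mod = "?"; ip = "?"; priv = "0"   # privileged defaults to 0
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments, whitespace
        /^\[/  { emit(); insec = ($0 == "[nethsm_imports]"); next }
        /^-+$/ { emit(); next }
        !insec || $0 == "" { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            if (key == "local_module")    mod = val
            else if (key == "remote_ip")  ip = val
            else if (key == "privileged") priv = val
        }
        END { emit(); exit found + 0 }
    ' "$cfg"
}

# Constructed sample (documentation-range IPs, placeholder serial numbers).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[server_startup]
nonpriv_port=9000
priv_port=9001

[nethsm_imports]
local_module=1
remote_ip=192.0.2.10
remote_esn=AAAA-BBBB-CCCC
privileged=1
-----
local_module=2
remote_ip=192.0.2.11
remote_esn=DDDD-EEEE-FFFF
EOF
audit_privileged_imports "$sample" || echo "privileged imports found: status $?"
```

On a real host, pass /opt/nfast/kmdata/config/config as the argument; a non-zero status makes the function usable as a gate in a scheduled compliance check.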

