Upload the signed Authentication Suite Server SDK FM module (aal2sdk.signed)

  • Published on Jul 9, 2025
  • 1 minute(s) read
Prev Next

Follow the steps described in this section to upload the signed Authentication Suite Server SDK FM module.

To upload the signed FM module

  1. Import the OneSpan signing certificate to the admin slot.

    ctcert i -f CertExportFileName -s AdminSlotID -l CertificateName

    ctcert i -f vascosigningcert_20470309.crt -s 1 -l vascosigningcert_20470309

  2. If required, type the admin PIN.

  3. Mark the certificate as trusted in the admin slot.

    ctcert t -l CertificateName -s AdminSlotID

    ctcert t -l vascosigningcert_20470309 -s 1

  4. If required, type the admin SO PIN.

  5. Upload the signed module to the HSM.

    ctconf -b CertificateName -j aal2sdk.signed

    ctconf -b vascosigningcert_20470309 -j aal2sdk.signed

  6. If required, type the admin PIN.

Thales ProtectServer for Thales ProtectServer HSM firmware versions 3.20.00 or later, plus all the Thales ProtectServer 2 HSM devices, now reject uploading a signed FM module if the corresponding certificate has expired.

The vascosigningcert_20470309.crt certificate provided in the package therefore has a long validity period, and will not expire until 9th March 2047.