
Safenet Lunasa HSM First Configuration

Connect to the serial console first.

login as: admin

admin@<hostname>'s password: chrysalis

The password is then changed.

Date Settings

[CeyHSM] lunash:>status date

[CeyHSM] lunash:>sysconf -timezone -set Europe/Istanbul

Network Settings

[CeyHSM] lunash:>net show

[CeyHSM] lunash:>net hostname CeyHSM

[CeyHSM] lunash:>net -dns -nameserver 172.16.128.100

[CeyHSM] lunash:>net interface -static -device eth0 -ip 172.16.128.111 -netmask 255.255.255.0 -gateway 172.16.128.1

Firmware Update

[CeyHSM] lunash:>hsm show

[CeyHSM] lunash:>hsm u f          (short form of: hsm update firmware)

HSM init

[CeyHSM] lunash:>hsm init -label CeyHSM

[CeyHSM] lunash:>hsm ped vector init

To make the HSM FIPS-compliant

[CeyHSM] lunash:>hsm changePolicy -policy 12 -value 0     (policy 12 is "Allow non-FIPS algorithms"; value 0 turns it off)

Generate HSM Server certificate

[CeyHSM] lunash:>sysconf regenCert

[CeyHSM] lunash:>ntls bind eth0 -bind 172.16.128.111

Remote PED Connection

On the host computer:

C:\HSM_SafeNetLunaSA>PedServer.exe -m start

[CeyHSM] lunash:>hsm ped connect -ip 172.16.128.116 -port 1503

Create Partition

[CeyHSM] lunash:>hsm login

[CeyHSM] lunash:>partition -create -name partitionceyhun

[CeyHSM] lunash:>partition -showpolicies -partition partitionceyhun

[CeyHSM] lunash:>partition changePolicy -partition partitionceyhun -policy 22 -value 1

[CeyHSM] lunash:>partition changePolicy -partition partitionceyhun -policy 23 -value 1

[CeyHSM] lunash:>partition activate -par partitionceyhun -pass AdHP-XYZ0-0XYZ/ZYX0

[CeyHSM] lunash:>partition autoActivate -p partitionceyhun -on
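The FIPS policy change above and the two partition policy changes (22 and 23) are easy to forget or to get wrong on a second unit. The following script is an added example, not code from the original page or from SafeNet: it parses text in the shape of the `hsm showPolicies` / `partition showPolicies` listings and reports every policy whose value differs from what this setup expects (HSM policy 12 off, partition policies 22 and 23 on). All sample output is constructed, the column layout is an approximation, and the descriptions "Allow activation" / "Allow auto-activation" for 22 and 23 are assumptions; paste the real listing in place of the samples to audit a live unit.

```python
"""Audit lunash policy listings against a baseline (added example, not page code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    code: int
    description: str
    value: str  # "On" / "Off" (or a number for counted policies)


# Baselines taken from the commands on this page.
HSM_BASELINE = {12: "Off"}                 # hsm changePolicy -policy 12 -value 0
PARTITION_BASELINE = {22: "On", 23: "On"}  # partition changePolicy ... 22/23 -value 1

# One policy row: description, value, code, capability, separated by runs of spaces.
# Assumed layout; adjust if the firmware prints the columns differently.
ROW = re.compile(
    r"^\s*(?P<desc>\S.*?)\s{2,}(?P<value>On|Off|\d+)\s+(?P<code>\d+)\s+(?P<cap>\S+)\s*$"
)


def parse_policies(text: str) -> dict[int, Policy]:
    """Return {policy code: Policy} for every row that matches ROW."""
    policies: dict[int, Policy] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            code = int(m.group("code"))
            policies[code] = Policy(code, m.group("desc"), m.group("value"))
    return policies


def audit(policies: dict[int, Policy], baseline: dict[int, str]) -> list[str]:
    """List human-readable deviations from the baseline (empty list = compliant)."""
    findings = []
    for code, expected in sorted(baseline.items()):
        p = policies.get(code)
        if p is None:
            findings.append(f"policy {code}: not present in output")
        elif p.value != expected:
            findings.append(f"policy {code} ({p.description}): is {p.value}, expected {expected}")
    return findings


# Constructed sample: HSM as shipped, before `hsm changePolicy -policy 12 -value 0`.
SAMPLE_HSM_BEFORE = """\
   HSM Label:                               CeyHSM
   Description                              Value      Code      Capability
   ===========                              =====      ====      ==========
   Allow cloning                            On         7         Allowed
   Allow non-FIPS algorithms                On         12        Allowed
   Allow network replication                On         16        Allowed
"""

# Constructed sample: the same HSM after the policy change.
SAMPLE_HSM_AFTER = SAMPLE_HSM_BEFORE.replace(
    "Allow non-FIPS algorithms                On ", "Allow non-FIPS algorithms                Off"
)

# Constructed sample: a freshly created partition, before policies 22 and 23 are enabled.
SAMPLE_PARTITION = """\
   Partition Name:                          partitionceyhun
   Description                              Value      Code      Capability
   ===========                              =====      ====      ==========
   Allow private key cloning                On         0         Allowed
   Allow private key unwrapping             On         2         Allowed
   Allow activation                         Off        22        Allowed
   Allow auto-activation                    Off        23        Allowed
"""


if __name__ == "__main__":
    for name, text, baseline in [
        ("HSM before", SAMPLE_HSM_BEFORE, HSM_BASELINE),
        ("HSM after", SAMPLE_HSM_AFTER, HSM_BASELINE),
        ("partition", SAMPLE_PARTITION, PARTITION_BASELINE),
    ]:
        findings = audit(parse_policies(text), baseline)
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Running it prints one finding for the shipped HSM (policy 12 still on), none after the change, and two findings for the new partition until 22 and 23 are enabled. Extend the baseline dictionaries with whatever other policies your build standard fixes.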

Link the host with the HSM

c:\Program Files\LunaSA>ctp admin@172.16.128.111:server.pem .

c:\Program Files\LunaSA>dir

c:\Program Files\LunaSA>vtl addServer -n 172.16.128.111 -c server.pem

Generate Client cert

c:\Program Files\LunaSA>vtl createCert -n 172.16.128.116

c:\Program Files\LunaSA>ctp cert\client\172.16.128.116.pem admin@172.16.128.111:

Register client to HSM

[CeyHSM] lunash:>client -register -client ftClient2 -ip 172.16.128.116

[CeyHSM] lunash:>client assignPartition -client ftClient2 -partition ftPartition2

[CeyHSM] lunash:>sysconf rem di

[CeyHSM] lunash:>ntls bind eth0

c:\Program Files\LunaSA>vtl verify

Linux Client

cd /usr/lunasa/bin

./ctp admin@172.16.128.111:server.pem .

./vtl addServer -n 172.16.128.111 -c server.pem

./vtl createCert -n 172.16.128.116

./ctp ../cert/client/172.16.128.116.pem admin@172.16.128.111:

Generate Key Pair

c:\Program Files\LunaSA>cmu generateKeyPair -modulusBits=2048 -publicExp=65537 -sign=1 -verify=1 -labelPublic=PublicKey -labelPrivate=PrivateKey -modifiable=1

Generate a certificate request

c:\Program Files\LunaSA>cmu requestCertificate -privateHandle=10 -publicHandle=9 -cn="test Certificate" -outputFile=cert01-company.req

Import the certificate:

c:\Program Files\LunaSA>cmu import -inputFile=cert01-company.cer -label="Sample Certificate"

Note: an object imported with the ckdemo application must be copied and the copy's private attribute set to false.

syslog tail entries 9999 logname hsm

Generate a self-signed certificate for the key pair

c:\Program Files\LunaSA>cmu selfSignCertificate -publichandle=9 -privatehandle=10 -serialNumber=a1a1a1a1 -C=TR -keyusage=digitalsignature -label=cert01-company -CN=ceyhun

Generate Key Pair with Luna CSP

Registering the partition with the CSP:

C:\Program Files\LunaSA\CSP>register

Generating a certificate request:

C:\Users\Administrator\Desktop>Certreq -New policy.inf ceyhun-cert.req

policy.inf:

[NewRequest]

Subject = "CN = Ceyhun Certificate Request,OU = Signature,O = SD,L = Izmir,S = Izmir,C = TR"

KeyLength=2048

ProviderName="Luna Cryptographic Services for Microsoft Windows"

Associating the generated certificate with the Luna CSP in the certificate store:

C:\Users\Administrator\Desktop>certutil.exe -f -csp "Luna Cryptographic Services for Microsoft Windows" -repairstore MY 2B0EDF1D71D84445ED7B28EFEEB3BC92

If the SSH service does not work:

sysconf setAdmin show

sysconf setAdmin device eth0

Partition01: AdHP-XYZ0-0XYZ/ZYX0

Partition02: JSSxXYZ0tPHEABCDd

When the HSM has been shut down and applications can no longer log in:

ssh admin@172.16.128.111

>hsm login

At this step the blue PED key (HSM admin key) is presented to the PED.

>partition activate -partition Partition01 -password AdHP-XYZ0-0XYZ/ZYX0

Here the black PED key (partition owner key) is presented to the PED.
