Connecting KeySecure HSM to CipherTrust Manager after migration from Key Secure
HSM
How to configure the KeySecure HSM to connect to
CipherTrust.
After the Thales team successfully migrates the keys from Key Secure HSM to
CipherTrust Manager, you must configure the Key HSM to connect to CipherTrust. You
must perform the following steps on both the Active and Passive KTS nodes.
The Thales team must have successfully migrated the keys from Key Secure HSM to
CipherTrust Manager.
Stop the Key HSM service.
$ service keyhsm stop
Back
up the existing application.properties
file.
Optional: If SSL is enabled on CipherTrust Manager, run the following
command:
-- Configuring keyHsm General Setup --
Cloudera Recommends to use 127.0.0.1 as the listener port for Key HSM
Please enter Key HSM SSL listener IP address: [127.0.0.1]
Will attempt to setup listener on 127.0.0.1
Please enter Key HSM SSL listener PORT number: 9090
validate Port: :[ Successful ]
-- Ingrian HSM Credential Configuration --
Please enter HSM login USERNAME: testuser (user created on CipherTrust Manager)
Please enter HSM login PASSWORD:
Please enter HSM IP Address or Hostname: ec2-3-144-233-194.us-east-2.compute.amazonaws.com
Please enter HSM Port number: 9000
Valid address: :[ Successful ]
Use SSL? [Y/n] (As per the configuration done on CipherTrust Manager)
Configuration saved in 'application.properties' file
Configuration stored in: 'application.properties'. (Note: You can also use keyhsm settings to quickly view your current configuration)
Validate the Key HSM.
$ service keyhsm validate
Check Key HSM is stopped :[ Successful ]
Configuration Available :[ Successful ]
Port 127.0.0.1:9090 available :[ Successful ]
Unlimited-Strength JCE :[ Successful ]
Validate cipher list :[ Successful ]
HSM availability :[ Successful ]
All services available: :[ Successful ]
Start the Key HSM service.
$ service keyhsm start
Starting KeyHSM, please wait...
The
KeyHSM
service is
started.
Configure Key HSM to trust KTS by providing the full path to the file.
