Initializing Navigator Key HSM
Key HSM is initialized using a series of CLI commands and prompts. The setup information you enter is dependent on which type of HSM you are using with Navigator Key HSM.
- SafeNet Luna
Install the SafeNet Luna client. No additional configuration is needed.
- SafeNet KeySecure
Extract the KeySecure client tarball in the Key HSM library directory (
/usr/share/keytrustee-server-keyhsm/
). - Thales
Install the Thales client service. Copy
nCipherKM.jar
,jcetools.jar
, andrsaprivenc.jar
from the installation media (usually located inopt/nfast/java/classes
relative to the installation media mount point) to the Key HSM library directory (/usr/share/keytrustee-server-keyhsm/
). - AWS CloudHSM
Install the AWS CloudHSM client. No additional configuration is needed.
keyhsm
user must be added to the
hsmusers
group with the following
command:sudo usermod -a -G hsmusers keyhsm