compmifantata

HSM Safenet Luna SA 5.4.x client configuration: How to use the common Luna architecture and new feat



Problem: When cklogs are enabled on a Linux client, source ./setenv --addcloudhsm fails with ERROR: Failed to add cloud hsm configuration to 'Chrystoki.conf', failed to configure PluginsModuleDir in Misc section.




HSM Safenet Luna SA 5.4.x client configuration



Problem: On Linux, client software cannot be installed to a directory that includes a space character. If such an install path is specified, the path is cut off at the space (for example, specifying /luna client/ creates install directory /luna).
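The two Linux client problems above (cklog enabled before running setenv --addcloudhsm, and a space in the install path) can be checked for before installing or reconfiguring. The script below is an added example, not SafeNet's or the original page's code; the function names and the sample Chrystoki.conf are constructed, and it assumes that enabling cklog points the Chrystoki2 LibUNIX entries at a libcklog shim library.

```shell
#!/bin/sh
# Added example. Assumption: enabling cklog points Chrystoki2/LibUNIX* at a libcklog* shim.

# conf_get FILE SECTION KEY -> value of KEY inside "SECTION = { ... }"
conf_get() {
    awk -v sec="$2" -v key="$3" '
        $0 ~ "^[ \t]*" sec "[ \t]*=[ \t]*[{]"  { in_sec = 1; next }
        in_sec && /^[ \t]*[}]/                 { in_sec = 0 }
        in_sec && $0 ~ "^[ \t]*" key "[ \t]*=" {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*;[ \t]*$/, ""); print; exit
        }' "$1"
}

# cklog_enabled FILE -> status 0 when the configured library is a cklog shim
cklog_enabled() {
    for key in LibUNIX LibUNIX64; do
        case "$(conf_get "$1" Chrystoki2 "$key")" in
            */libcklog*) return 0 ;;
        esac
    done
    return 1
}

# preflight FILE INSTALL_DIR -> one finding per line; no output when clean
preflight() {
    case "$2" in
        *" "*) echo "install path contains a space: '$2'" ;;
    esac
    if cklog_enabled "$1"; then
        echo "cklog enabled: ./setenv --addcloudhsm is reported to fail"
    fi
    [ -n "$(conf_get "$1" Misc PluginsModuleDir)" ] ||
        echo "Misc/PluginsModuleDir is not set"
}

# Constructed sample Chrystoki.conf (not taken from a real host).
sample_conf() {
    cat > "$1" <<'EOF'
Chrystoki2 = {
   LibUNIX = /usr/lib/libcklog2.so;
}
CkLog2 = {
   LibUNIX = /usr/lib/libCryptoki2.so;
}
Misc = {
   ToolsDir = /usr/safenet/lunaclient/bin;
}
EOF
}
conf=$(mktemp) && sample_conf "$conf" && preflight "$conf" "/luna client/"; rm -f "$conf"
```

On a real client, call preflight with the path to the client's Chrystoki.conf (commonly /etc/Chrystoki.conf on Linux) and the intended install directory.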


Obtain the Luna-SA-server certificate and register the Luna-SA server with it. This can be done as follows (replace admin and lunasa.example.com with your Luna-SA administrator name and your Luna-SA-server address respectively):

# scp admin@lunasa.example.com:server.pem .
# /usr/safenet/lunaclient/bin/vtl addServer -n lunasa.example.com -c server.pem


Create a client certificate and register it with your Luna SA (replace privx.example.com with the FQDN or the IP address of your PrivX machine):

# /usr/safenet/lunaclient/bin/vtl createCert -n privx.example.com
# scp /usr/safenet/lunaclient/cert/client/privx.example.com.pem admin@lunasa.example.com:


On your Luna SA, register the PrivX machine as a Luna-SA client, and assign the client to the PrivX partition (replace privxclient with an arbitrary client name, replace privxpartition with the name of the Luna-SA partition reserved for PrivX):

lunash:> client register -client privxclient -hostname privx.example.com
lunash:> client assignPartition -client privxclient -partition privxpartition


After you update your client instance to the most recent software (5.3.13), you then must update the CloudHSM device software and firmware. First, you must initiate an SSH connection from any one client instance to each CloudHSM device, as illustrated in the following diagram. A successful SSH connection will have you land at the Luna shell, denoted by lunash:>. Second, you must be able to initiate a Secure Copy (SCP) of files to each device from the client instance. Because the software and firmware updates require an elevated level of privilege, you must have the Security Officer (SO) password that you created when you initialized your CloudHSM devices.

