Configuring and launching the hardserver
Hardserver configuration involves the following utilities:
- /opt/nfast/bin/config-serverstartup. To configure the [server-startup] values.
- /opt/nfast/bin/nethsmenroll. To configure the [nethsm_imports] values.
- /opt/nfast/bin/enquiry. To test the hardserver settings.
- /opt/nfast/sbin/init.d-ncipher. To launch, restart, or stop the hardserver. This utility uses the following arguments:
  - start
  - restart
  - stop
To configure and launch the hardserver
- Set the required default hardserver port settings (i.e. defined in the [server-startup] section) with the following command:
  /opt/nfast/bin/config-serverstartup -sp
- Test the new hardserver settings to verify that the port settings are correct. To do so, run:
  /opt/nfast/bin/enquiry
- Register the HSM via the following command:
  /opt/nfast/bin/nethsmenroll remote_ip
  where remote_ip is the IP address of the HSM.
- Launch the hardserver:
  /opt/nfast/sbin/init.d-ncipher start
Depending on your Linux distribution, you may need to enable and configure this service to start automatically after server restarts.
Whenever you need to re-configure the hardserver startup or port settings (i.e. via the /opt/nfast/bin/config-serverstartup command), you need to restart the hardserver with the following command:
/opt/nfast/sbin/init.d-ncipher restart
Hardserver settings are defined in /opt/nfast/kmdata/config/config.
Typical hardserver settings lists the settings that should be configured accordingly in the hardserver configuration file.
The privileged setting must be 1 (privileged) if the host is the first client that loads the keys into the SEE module. After the keys are created and the SEE module has been uploaded, you can set privileged back to the default value 0 (non-privileged) to improve security.
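The following audit is an added example, not part of the original documentation or the vendor's tooling: it lists HSM entries in the hardserver configuration file that are still set to privileged=1, so the setting can be returned to 0 once the keys and SEE module are loaded. The function names audit_privileged and sample_config are hypothetical, and the script assumes that the privileged field sits in the [nethsm_imports] section next to remote_ip, that fields are written as key=value, and that entries are separated by a line of hyphens.

```shell
#!/bin/sh
# Added example: list [nethsm_imports] entries still set to privileged=1.
# Assumed syntax: "[section]" headers, key=value fields, "#" comments,
# and a line of hyphens separating entries within a section.

audit_privileged() {
    # $1: config file path (reads stdin when omitted).
    # Exit status 1 if any privileged entry is found, else 0.
    awk '
        function emit() {
            if (in_imports && seen && priv == "1") {
                print "privileged=1 remote_ip=" (ip == "" ? "unknown" : ip)
                found++
            }
            ip = ""; priv = "0"; seen = 0   # 0 is the documented default
        }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        /^\[.*\]$/ { emit(); in_imports = ($0 == "[nethsm_imports]"); next }
        /^-+$/ { emit(); next }
        in_imports && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            seen = 1
            if (key == "remote_ip") ip = val
            if (key == "privileged") priv = val
        }
        END { emit(); exit (found > 0) }
    ' "${1:--}"
}

# Constructed sample, not a real configuration (documentation-range IPs).
sample_config() {
    cat <<'EOF'
[server-startup]
# port settings omitted
[nethsm_imports]
remote_ip=192.0.2.10
privileged=1
-----
remote_ip=192.0.2.11
privileged=0
EOF
}

sample_config | audit_privileged || echo "review the entries listed above"
```

To check a real host, call audit_privileged /opt/nfast/kmdata/config/config; the non-zero exit status makes it usable as a scheduled compliance check.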