Initializing Navigator Key HSM
- SafeNet Luna
Install the SafeNet Luna client. No additional configuration is needed.
- SafeNet KeySecure
Extract the KeySecure client tarball in the Key HSM library directory (/usr/share/keytrustee-server-keyhsm/).
- Thales
Install the Thales client service. Copy nCipherKM.jar, jcetools.jar, and rsaprivenc.jar from the installation media (usually located in opt/nfast/java/classes relative to the installation media mount point) to the Key HSM library directory (/usr/share/keytrustee-server-keyhsm/).
$ sudo service keyhsm setup [keysecure|thales|luna]
For all HSM distributions, the setup command first prompts for the IP address and port number that Key HSM listens on.
-- Configuring keyHsm General Setup --
Cloudera Recommends to use 127.0.0.1 as the listener port for Key HSM
Please enter Key HSM SSL listener IP address: [127.0.0.1]127.0.0.1
Will attempt to setup listener on 127.0.0.1
Please enter Key HSM SSL listener PORT number: 9090
validate Port: :[ Successful ]
If the setup utility successfully validates the listener IP address and port, you are prompted for additional information specific to your HSM. For HSM-specific instructions, continue to the HSM-Specific Setup for Cloudera Navigator Key HSM section for your HSM.
After initial setup, configuration is stored in the /usr/share/keytrustee-server-keyhsm/application.properties file, which contains human-readable configuration information for the Navigator Key HSM server.
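A check that can be run after setup to confirm the Key HSM listener is bound only to the loopback address the setup utility recommends. This is an added example, not part of the Cloudera documentation. The function name check_keyhsm_listener and the sample ss lines are constructed for illustration; port 9090 is the value entered in the prompt above.

```sh
#!/bin/sh
# Added example: verify the Key HSM listener is bound to loopback only.
# Reads `ss -ltn` output on stdin. Exit status:
#   0 = every listener on the port is loopback
#   1 = at least one listener on a non-loopback address
#   2 = nothing is listening on the port
check_keyhsm_listener() {
    port="${1:-9090}"   # 9090 is the port entered in the setup prompt
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = match(addr, /:[0-9]+$/)        # locate the trailing :port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            gsub(/^\[|\]$/, "", host)          # strip IPv6 brackets
            sub(/^::ffff:/, "", host)          # IPv4-mapped IPv6 form
            found = 1
            if (host !~ /^127\./ && host != "::1") {
                printf "EXPOSED: port %s is listening on %s\n", port, host
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_loopback() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      50     [::ffff:127.0.0.1]:9090 *:*' \
        'LISTEN 0      128    0.0.0.0:22 0.0.0.0:*'
}
sample_exposed() {
    printf '%s\n' \
        'LISTEN 0      50     *:9090 *:*' \
        'LISTEN 0      128    0.0.0.0:22 0.0.0.0:*'
}

sample_loopback | check_keyhsm_listener 9090 && echo "loopback only"
sample_exposed  | check_keyhsm_listener 9090 || echo "exit status: $?"
# On a live host: ss -ltn | check_keyhsm_listener 9090
```

An exit status of 2 on a live host means nothing is listening on the port, which usually indicates the Key HSM service is not running or was configured with a different port.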