Initializing Navigator Key HSM
- SafeNet Luna
Install the SafeNet Luna client. No additional configuration is needed.
- SafeNet KeySecure
Extract the KeySecure client tarball in the Key HSM library directory (/usr/share/keytrustee-server-keyhsm/).
- Thales
Install the Thales client service. Copy nCipherKM.jar, jcetools.jar, and rsaprivenc.jar from the installation media (usually located in opt/nfast/java/classes relative to the installation media mount point) to the Key HSM library directory (/usr/share/keytrustee-server-keyhsm/).
$ sudo service keyhsm setup [keysecure|thales|luna]
For all HSM distributions, the setup command first prompts for the IP address and port number that Key HSM listens on.
Cloudera recommends using the loopback address (127.0.0.1) for the listener IP address and 9090 as the port number.
If the setup utility successfully validates the listener IP address and port, you are prompted for additional information specific to your HSM. For HSM-specific instructions, continue to the HSM-Specific Setup for Cloudera Navigator Key HSM section for your HSM.
After initial setup, configuration is stored in the /usr/share/keytrustee-server-keyhsm/application.properties file, which contains human-readable configuration information for the Navigator Key HSM server.
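The following pre-flight check is an added example, not Cloudera code: it verifies that the three Thales jars are present in the Key HSM library directory and that the listener on port 9090 is bound only to loopback, as recommended above. The function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Cloudera code): pre-flight checks for the steps above.

# Key HSM library directory named on this page; override for testing.
KEYHSM_LIB_DIR="${KEYHSM_LIB_DIR:-/usr/share/keytrustee-server-keyhsm}"

# Print each Thales jar required by the page that is missing from directory $1.
missing_thales_jars() {
    dir=$1
    for jar in nCipherKM.jar jcetools.jar rsaprivenc.jar; do
        [ -f "$dir/$jar" ] || printf '%s\n' "$jar"
    done
}

# Read `ss -ltn` output on stdin and classify the listener on port $1:
#   loopback = bound only to 127.0.0.1 or [::1]
#   exposed  = bound to any other address (for example 0.0.0.0 or *)
#   absent   = nothing listening on that port
listener_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample of `ss -ltn` output, so the example runs offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9090     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf 'sample listener on 9090: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SS" | listener_exposure 9090)"
# On a live host: ss -ltn | listener_exposure 9090
#                 missing_thales_jars "$KEYHSM_LIB_DIR"
```

An "exposed" result means the Key HSM port is reachable from other hosts and the listener address given during setup should be reviewed.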