Managing the Navigator Key HSM Service
$ sudo service keyhsm keyHsm service usage: setup <hsm name> - setup a new connection to an HSM trust <path> - add a trusted client certificate validate - validate that keyHSM is properly configured settings - display the current server configuration start - start the keyHSM proxy server status - show the current keyHSM server status shutdown - force keyHSM server to shut down reload - reload the server (without shutdown)
The reload command causes the application to restart internal services without ending the process itself. If you want to stop and start the process, use the restart command.
Logging and Audits
The Navigator Key HSM logs contain all log and audit information, and by default are stored in the /var/log/keyhsm directory.
You can configure the maximum log size (in bytes) and maximum number of log files to retain by adding or editing the following entries in /usr/share/keytrustee-server-keyhsm/application.properties:
keyhsm.log.size = 100000000 keyhsm.roll.size = 3
The values used in this example are the default values, and are used if these parameters are not set.
To enable debug logging, add the debug parameter to the start command:
$ sudo service keyhsm start debug
This enables debug logging until the service is restarted without the debug parameter.
Key Naming Convention
To ensure you can manage keys (for example, delete a key), you need to understand the naming convention for keys. Keys adhere to the following naming convention: handle name-uuid-date, which means if you know the key name and date, you can make modifications to it.
[root@user 64]# cmu list Please enter password for token in slot 1 : ********** handle=220 label=key1-3T17-YYdn-2015-07-23 handle=806 label=key2-CMYZ-8Sym-2015-07-23 handle=108 label=key3-qo62-XQfx-2015-07-23 handle=908 label=key2-CMYZ-8Sym-2015-07-23--cert0 handle=614 label=key3-qo62-RWz0-2015-07-23--cert0 handle=825 label=key1-3T11-YYdz-2015-07-23--cert0