Validating Key HSM Settings
After the setup completes, the Key HSM configuration is stored in /usr/share/keytrustee-server-keyhsm/application.properties.
$ sudo service keyhsm settings # keyHsm Server Configuration information: keyhsm.management.address : 172.19.1.2 keyhsm.server.port : 9090 keyhsm.management.port : 9899 keyhsm.service.port : 19791 keyhsm.hardware : ncipher # Module OCS Password thales.ocs_password : GIqhXDuZsj1Oet137Lb+f+tqkYvKYDm/8StefpNqZWwlB+LfSYlB4eHd endtYJio8qLjjbT+e7j2th5xf8O9t8FwfVguuyFW+6wdD uNGvse1LY/itCwqF0ScMlB1Mnz4010xqC6ylPW7l+0JjjkkqqM5gJJbl8lsQFFaIGVM/pY=
These settings can be manually configured by modifying the application.properties file, with the exception of any passwords. These are encrypted by design, and can only be changed by re-running the setup utility.
Verifying Key HSM Connectivity to HSM
To verify Hardware Security Module (HSM) operations using Key HSM, run the following command on the Key Trustee Server host (which should also be the Key HSM host as described in Installing Cloudera Navigator Key HSM):
$ curl -k https://keytrustee01.example.com:11371/test_hsm
If Key HSM operations to the HSM are successful, the command returns output similar to the following:
"Sample Key TEST_HELLO_DEPOSIT2016-06-03-072718 has been created"
You must run this command from the Key Trustee Server host. If you run it from a different host, the command returns an HTTP 403 error code.