Scribd Logo
Upload

Welcome to Scribd!

  • 61 views

    NetHSM Quick Start Guide

    Uploaded by

    goldminer
    nethsm

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    NetHSM Quick Start Guide

    Uploaded by

    goldminer
    61 views4 pages
    nethsm

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    nethsm

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    61 views4 pages

    NetHSM Quick Start Guide

    Uploaded by

    goldminer
    nethsm

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 4

    READ ME FIRST!

    TM

    netHSMª

    Quick Start Guide


    Welcome to the future of network-based
    Hardware Security Modules

    For online technical support visit


    www.ncipher.com/support or email [email protected]
    Basic Software Set Up
    This page shows how to set up a netHSM (with or without an nToken) on an RFS machine with a default configuration file for the first time.
    For more detailed information about setup procedures and options, see the Hardware Installation Guide and appropriate chapters of the
    netHSM User Guide.
    Note: The instructions in this document require you to have added the path %NFAST_HOME%\bin (Windows)
    or /opt/nfast/bin/ (Unix-based systems) to the value for the PATH system variable.
    For more detailed information, see:
    1. Install nToken hardware into client machine
    Physically fit nToken PCI card into client machine. Prepares client for installation (if nToken required). Hardware Installation Guide

    2. Install nCipher software on remote file system (RFS) and client machines
    Administrator privileges needed on each machine. netHSM User Guide, Ch4: Software installation

    3. Configure the Ethernet interface (from netHSM menu 1-1-1-1)


    Enter netHSM IP (from netHSM menu 1-1-1-1). Sets the network location of the netHSM. netHSM User Guide, Ch5: Module & client config
    Enter subnet mask (from netHSM menu 1-1-1-1). Note: Leave link speed set to auto.
    Confirm reboot and reboot netHSM.
    Enter default gateway (from netHSM menu 1-1-1-3).

    4. Configure the remote file system (RFS) on the RFS machine (not the netHSM)
    anonkneti <netHSM IP> [Will respond with an ESN and HASH rfs-setup creates a file and folder structure on a local netHSM User Guide, Ch5: Module & client config
    to be used in the rfs-setup command below.] machine for use by the netHSM as a remote file store.
    rfs-setup --force <netHSM IP> <netHSM ESN> <netHSM KNETI HASH>
    This should look something like this example below:
    rfs-setup --force xxx.xxx.xxx.xxx 9F73-2D25-5D1A 4c05f57e9f981d33eadd149cd060b6ad535fc676

    5. Configure the netHSM to use the RFS (from netHSM menu 1-1-3)
    Enter IP of remote file system (RFS) machine. Informs the netHSM of the location of its remote file system. netHSM User Guide, Ch5: Module & client config
    Leave port number as default of 9004.

    6. Configure the auto push option (from netHSM menu 1-1-6)


    Allow auto push. Turn on, and set to RFS machine's IP address. This permits netHSM config files to be modified on RFS and netHSM User Guide, Ch5: Module & client config
    loaded onto the netHSM.

    7. Configure log file storage options (from netHSM menu 1-1-7)


    Select either Append or Log. Decide what to do with log files – store on netHSM and RFS netHSM User Guide, Ch5: Module & client config
    (select Append) or only on netHSM (select Log).

    8. Set the time and date on the netHSM (from netHSM menu 1-1-8)
    Enter UTC date and time. Sets the time and date of the netHSM as UTC.
    A reboot is requested here.

    9. Create new (or load existing) security world (from netHSM menu 3-2-1 or 3-2-2)
    Create new security world (3-2-1). In either case, you are prompted for the ACS. netHSM User Guide, Ch6: Managing security worlds
    Load existing security world (3-2-2).

    10. Create OCS (from netHSM menu 3-5-1)


    Create OCS, choosing appropriate K/N quorum and other options. netHSM User Guide, Ch6: Managing card sets & softcards

    11. Configure the module to use the client (from netHSM menu 1-1-4-1)
    New client. Informs the netHSM of the location of its client netHSM User Guide, Ch5: Module & client config
    Enter remote client IP. (a client is a machine using the netHSM for cryptography).
    Select client privileged on any port. If you want a privileged connection to the client
    Select No for nToken.†† ††If your client has an nToken and you wish to use it:

    On client machine run ntokenenroll. Note or keep on


    screen the keyhash and ESN. On netHSM, select Yes to
    enroll nToken, select port (default 9004). Check keyhash
    and ESN from client, and enroll if same.

    12. Configure the client to use the module


    nethsmenroll -p <netHSM IP> <netHSM ESN> This sets a priviledged client connection into the client netHSM User Guide, Ch5: Module & client config
    <netHSM KNETI HASH> configuration file. Use anonkneti for ESN and HASH.

    13. Configure TCP sockets on the client for Java applications (for example, KeySafe)
    config-serverstartup -sp This enables TCP sockets for Java. netHSM User Guide, Ch5: Module & client config

    14. Stop and restart the hardserver


    Run the command: net stop "nfast server" These two commands stop and restart the hardserver.
    Then run the command: net start "nfast server" On Unix-based systems, log in as root and use the command
    init.d-ncipher restart.

    15. Test the completed installation


    enquiry netHSM User Guide, Ch5: Module & client config
    Menu Outline
    1 System 3 Security World Mgmt
    1-1 System configuration 3-1 Display world info
    1-1-1 Network config
    1-1-1-1 Set up interface #1
    3-2 Module initialization
    1-1-1-2 Set up interface #2
    1-1-1-3 Set default gateway 3-2-1 New security world
    1-1-1-4 Set up routing** 3-2-2 Load security world
    1-1-1-5 Show routing table
    3-2-3 Erase security world
    1-1-1-6 Ping remote host
    1-1-1-7 Trace route to host
    1-1-2 Hardserver config 3-3 RFS operations
    1-1-3 Remote file system
    3-3-1 Update world files
    1-1-4 Client config**
    3-3-2 Remove RFS lock
    1-1-5 Resilience config
    1-1-6 Config file options
    1-1-6-1 Fetch configuration
    3-4 Admin operations
    1-1-6-2 Allow auto push
    3-4-1 Replace ACS
    1-1-7 Log config
    3-4-2 Recover keys
    1-1-8 Date/time setting
    3-4-3 Recover PIN
    1-1-9 Keyboard layout
    1-1-9-1 UK keyboard 3-4-4 Set secure RTC
    1-1-9-2 US keyboard
    1-1-10 Default config 3-5 Cardset Operations
    3-5-1 Create OCS
    1-2 System information
    3-5-2 List cardsets
    1-2-1 View system logs
    1-2-2 View hardserver logs 3-6 Card Operations
    1-2-3 Display tasks
    3-6-1 Card details
    1-2-4 Component versions
    3-6-2 Check PIN
    1-2-5 View h/w diagnostics
    3-6-3 Change PIN
    3-6-4 Erase card
    1-3 Login settings**
    3-7 Keys
    1-4 Upgrade system
    3-7-1 List keys
    1-5 Factory state 3-7-2 Verify Key ACLs

    1-6 Shutdown/Reboot 3-8 Set up remote slots**

    1-6-1 Shutdown
    1-6-2 Reboot

    2 HSM
    2-1 HSM information
    2-1-1 Display details
    2-1-2 Display secure RTC
    2-1-3 Speed test 4 payShield
    2-1-4 Display statistics

    2-2 HSM reset

    2-3 HSM feature enable 5 CodeSafe ** TM

    2-3-1 Read FEM from card


    2-3-2 Read from a file
    2-3-3 View current state **Sub menus beneath these items are dependent upon the current
    settings of the unit
    2-3-4 Write state to file

    2-4 Set HSM mode


    2-4-1 Operational For online technical support, visit www.ncipher.com/support/
    2-4-2 Initialization or email [email protected]
    © Copyright 2008 nCipher Corporation Ltd.
    nCipher, netHSM, payShield, nToken, and CodeSafe, are trademarks of nCipher Corporation
    Limited. nFast® and the nCipher logo are registered trademarks of nCipher Corporation
    Limited. All other trademarks are the property of the respective trademark holders.
    N-012116/7
    netHSM Quick Start Guide
    Welcome to the future of network-based Hardware Security Modules

    2 3

    Warning: This equipment must be earthed.


    Attention: Le système doit être mis à la
    terre conformément aux prescriptions.
    Vorsicht: Das System muß stets
    vorschriftsmäßig geerdet sein.

    6
    For full installation and saftey
    instructions, now read the
    Hardware Installation Guide.

    4 5
    7

    ? www.ncipher.com/support
    [email protected]

    You might also like