Cryptographic Security Platform 1.2 - Installation and administration guide [PDF][Releases]

Imports the configuration of a Thales HSM. Use the following syntax to import this configuration from a ZIP file.

tsactl import-thales -d <package_path> [-y]

Use the following syntax to import this configuration from a Chrystoki file.

tsactl import-thales -c <cert_dir> -k <chrystoki> [-y]

For example:

$ sudo tsactl import-thales -c ./tsa-thales-config/cert -k ./tsa-thales-config/Chrystoki.conf -y
Saving Thales configuration...             Done
Warning: tsa is already deployed! To apply the changes, tsa needs to be redeployed using the tsactl deploy command.

See below for a description of each option.

Changes will be effective when deploying (or redeploying) the solution with Management Console or the clusterctl solution deploy command.

-c <cert_dir>

Import the client and server certificates for the Luna Network or DPoD authentication. Where <cert_dir> is the path of a cert directory with the following contents.

└───cert
    ├───client
    │       <clientKey>.pem
    │       <clientCert>.pem
    │
    └───server
            <caCert>.pem

See below for a description of each field.

Value	Description
<clientKey>	The file name of a PEM file containing the client's private key.
<clientCert>	The file name of a PEM file containing the client's certificate.
<caCert>	The file name of a PEM file containing the CA certificate for validating the server's certificate.

After running the command, verify the Chrystoki.conf file includes the following configuration.

ClientPrivKeyFile = /usr/safenet/lunaclient/cert/client/<clientKey>.pem;
ClientCertFile = /usr/safenet/lunaclient/cert/client/<clientCert>.pem;
ServerCAFile = /usr/safenet/lunaclient/cert/server/<caCert>.pem;

Do not modify any other path in the Chrystoki.conf file.

Mandatory: Yes.

-d <package_path>

Use the <package_path> DPoD configuration package, where <package_path> is the path of the ZIP package file.

Mandatory: Yes.

-k <chrystoki>

Import the <chrystoki> configuration of the Luna Network or DPoD client, where <chrystoki> is the path of the Christoky.conf file.

Mandatory: Yes.

-y, --yes

Skip the confirmation prompt.