Checks the HSM connectivity.

tsactl check hsm [-l <level>] [-p <pin>] [-t <token>] [-v <vendor>]

For example:

$ sudo ./tsactl check hsm
Obtaining loaded secrets and configuration... Done
Starting PKCS #11 Manager... Done
 
Slot Id -> 0
Label -> pking203
Serial Number -> 1433959427612
Model -> LunaSA 7.2.1
Firmware Version -> 7.0.3
Configuration -> Luna User Partition With SO (PED) Signing With Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
 
Slot Id -> 1
Label -> pking202
Serial Number -> 1433964084224
Model -> LunaSA 7.2.1
Firmware Version -> 7.0.3
Configuration -> Luna User Partition With SO (PED) Signing With Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
 
 
Current Slot Id: 0
 
Passing HSM checks... Done

See below for a description of each option.

-l <level>

Debug the nShield HSM at the <level> level, where <level> is a level of the CKNFAST_DEBUG variable. When not using an nShield HSM, the command ignores this option.

See the nShield documentation for details on the CKNFAST_DEBUG configuration parameter.

Mandatory: No. This optional parameter defaults to 0.

-p <pin>

Authenticate in the HSM with the <pin> PIN.

Mandatory: No. When omitting this option, the command looks for the PIN in the application secrets. If the PIN is not found there, the command prompts the user for it.

-t <token>

Select the HSM token with the <token> label.

Mandatory: No. When omitting this option, the command uses the value of the Token label configuration parameter.

The command will raise an error if you omit this option and the configuration is not loaded.

-v <vendor>

Check an HSM of the <vendor> vendor, where <vendor> is either:

  • nshield
  • thales

Mandatory: When omitting this option, the command assumes the value of the Vendor configuration parameter and throws an error if that parameter is not set.
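
The output format shown in the example above can be checked from a monitoring script. The following is an added example, not part of the product or its documentation: the helper names are hypothetical, and it assumes the output keeps the "Key -> Value" layout and the final "Passing HSM checks... Done" line shown on this page.

```shell
#!/bin/sh
# Added example; sample_output, hsm_slots and hsm_check are hypothetical names.
# Constructed sample: this page's output, reduced to the fields parsed below.
sample_output() {
cat <<'EOF'
Starting PKCS #11 Manager... Done

Slot Id -> 0
Label -> pking203
Serial Number -> 1433959427612
Firmware Version -> 7.0.3

Slot Id -> 1
Label -> pking202
Serial Number -> 1433964084224
Firmware Version -> 7.0.3

Current Slot Id: 0

Passing HSM checks... Done
EOF
}

# Read command output on stdin; print "slot|label|serial|firmware" per slot block.
hsm_slots() {
  awk -F' -> ' '
    function emit() { if (slot != "") print slot "|" label "|" serial "|" fw }
    { sub(/[ \t\r]+$/, "") }                      # tolerate trailing blanks / CR
    $1 == "Slot Id"          { emit(); slot = $2; label = ""; serial = ""; fw = "" }
    $1 == "Label"            { label = $2 }
    $1 == "Serial Number"    { serial = $2 }
    $1 == "Firmware Version" { fw = $2 }
    END { emit() }
  '
}

# Return 0 only if the run completed and a slot carries the expected token label.
hsm_check() {
  out=$(cat)
  printf '%s\n' "$out" | grep -q '^Passing HSM checks\.\.\. Done[[:space:]]*$' ||
    { echo "HSM checks did not complete" >&2; return 1; }
  printf '%s\n' "$out" | hsm_slots |
    awk -F'|' -v want="$1" '$2 == want { ok = 1 } END { exit !ok }' ||
    { echo "no slot with label $1" >&2; return 2; }
}

# Real use: pipe the output of "tsactl check hsm" into these functions instead.
sample_output | hsm_slots
sample_output | hsm_check pking203 && echo "HSM check OK"
```

The slot inventory lines can be stored and compared between runs to notice a changed serial number or firmware version.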