HSM Errors
A Hardware Security Module(HSM) is a physical device that provides more secure management of sensitive data, such as keys, inside Thales CipherTrust Manager. This section lists possible errors in dealing with different types of HSMs.
Action | Error Information | Possible Cause | Remediation |
---|---|---|---|
Get HSM Server Find HSM Servers | Missing partition_name in HSM connInfo | HSM seems to be misconfigured or the system is malfunctioning | Restart system. Provide copy of Syslog to support team for analysis. |
Setup HSM Server | Host daemon returned a non-successful HTTP code | The system does not have a local HSM installed. | Please contact Thales Customer Support to understand the HSM support of the current version of KeySecure. |
Setup HSM Server | dial tcp <HOST> : i/o timeout | HSM host could not be reached | Please check and ensure the connectivity to the HSM server. |
Setup HSM Server | failed to decode PEM data | A few of the required fields (HSM server certificate, client certificate etc.) may not be in the PEM format or the field could be corrupted | Please ensure that the certificates are valid and they are in PEM format. |
Setup HSM Server | No Luna PCIe cards detected on the appliance. | The system does not have a PCI Luna installed. | Please check if the appliance has a PCI luna. If yes, there could be issue with the connection of luna or the hardware could be faulty. Please contact Thales Customer Support for further analysis. |
Add HSM Server Setup HSM Server Delete HSM Server | Failed to write HSM servers to disk as HSM config directory doesn't exist | HSM config diesctory does not exist. Possible reason could be storage crunch in the system. | Please free up some space and retry. If problem persists, contact Thales Customer Support. |
Add HSM Server | Addition of HSM server can only be performed after initial setup | hsm setup is not yet done before adding the hsm server. | Need initial setup of the system to use HSM. A reset operation is required which means that all existing data in the system will be wiped and CipherTrust Manager will be started from a clean slate. |
Setup HSM Server | Failed to get a list of local HSMs from local Unix socket | This is an internal server error wherein the local HSM list fetch failed. The possible reason is high CPU utilization or memory crunch due to large number of memory intensive operations. | Restart the appliance and retry. If problem persists, contact Thales Customer Support with a copy of the syslog. |
Setup HSM Server | Failed to parse local HSMs list response from host daemon | This is an internal server error wherein the local HSM list response could not be parsed possibly because the response may be incomplete or corrupted. The possible reason is high CPU utilization or memory crunch due to large number of memory intensive operations. | Restart the appliance and retry. If problem persists, contact Thales Customer Support with a copy of the syslog. |