Add and Configure Client

Tip

Luna Cloud HSM Services provisioned through the Thales Data Protection on Demand marketplace user interfaces refer to a service client. Luna Cloud HSM Services provisioned through external marketplaces user interfaces refer to a partition client. The documentation refers to these components as the client.

The client installation uses a .zip (Windows) or .tar (Linux) to deliver the client materials required for configuring your system's connection to the Luna Cloud HSM Service. The client .zip includes a pre-configured crystoki-template.ini file along with a client archive file containing a set of library and binary files.

Note

Windows systems are restricted to a single client per system. Adding a second client to a Windows operating system will overwrite the original client configuration. Please consider this limitation when planning your service configuration.

See the client Customer Release Notes for your client version for more information about supported operating systems and where you can deploy your client.

Caution

You must regularly and automatically synchronize your client host to an NTP server as client operations rely on accurate time.

Add client

Download a client using your DPoD tenant. For information about adding a Luna Cloud HSM Service to an existing client see Adding a Luna Cloud HSM Service in the Luna Client Guides.

Note

The client downloaded from the Luna Cloud HSM Service is a minimal client package. It does not contain Luna Universal Client utilities such as the Luna Software Development Kit (SDK) or pscp. To use these tools with the Luna Cloud HSM Service you must complete the Luna HSM Client Software Installation and configure the client to communicate with the Luna Cloud HSM Service as described in Adding a Luna Cloud HSM Service.

  1. Access the Service Page and click the service or the partition name that you would like to generate a client for.

  2. Click Create Client, if this is your first client, or click New Client. The Create Client window displays.

  3. In the Create Client window, enter a Client Name (e.g. Luna-Cloud-HSM-Client_1) and select Create Client.

    A new client (in this case Luna-Cloud-HSM-Client_1_client.zip) is generated and made available for download, to be installed on your client machine.

    Note

    The client is a zip file that contains system information needed to connect your client machine to an HSM partition. See the section client Contents for client content details.

Unpack client .zip

Complete the following procedure for your operating system to unpack the client .zip.

Windows

  1. Transfer the client to your machine. You can use SCP, PSCP, WinSCP, FTPS or another secure transfer tool to transfer the client.

  2. Using the Windows GUI or an unzip tool, unzip the client file, Service_Windows-Client_1_client.zip.

  3. Decompress the cvclient-min.zip.

    Note

    Extract the cvclient-min.zip within the directory you created in the previous step. Do not extract to a new cvclient-min.zip directory. The setenv command run later in this procedure requires this location.

  4. Set the environment variable. Open an Administrator Command Prompt - right click Command Prompt and select Run as Administrator. Execute the following in the Administrator Command Prompt:

    
    .\setenv.cmd
    

    The command returns:

    
    Generated <path_to_service_client>\crystoki.ini
    

Linux

Linux operating systems support installing multiple clients on a single host system. See the section Installing multiple clients on Linux.

  1. Transfer the client to your machine. You can use SCP, PSCP, WinSCP, FTPS or another secure transfer tool to transfer the client.

  2. Unzip the client.

    
    unzip Service_Linux-Client_1_client.zip
    

    Note

    The Linux client contains the legacy Windows client materials. If you do not require the legacy Windows client, you can delete the cvclient-min.zip.

  3. Untar the cvclient-min file.

    
    tar xvf cvclient-min.tar
    

    Note

    Extract the cvclient-min.tar within the directory you created in the previous step. Do not extract to a new cvclient-min.tar directory. The setenv command run later in this procedure requires this location.

  4. Set the environment variable.

    
    source ./setenv
    
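The Linux unpack steps above, scripted as an added example (not code from the Thales client or its documentation): it extracts the client .zip, untars cvclient-min.tar in place as the Note requires, refuses archive members that would land outside the target directory, and reports which expected files are missing. The archive it operates on is a constructed stub with the layout the page describes; the EXPECTED file list and all helper names are assumptions.

```python
import io
import tarfile
import tempfile
import zipfile
from pathlib import Path

# Assumed post-extraction layout: setenv and ./bin/64/lunacm are named on the page, crystoki-template.ini ships in the .zip.
EXPECTED = ("crystoki-template.ini", "setenv", "bin/64/lunacm")


def _check_no_escape(names, dest: Path) -> None:
    """Refuse archive members that would land outside dest (absolute paths, '..' segments)."""
    root = dest.resolve()
    for name in names:
        if not (root / name).resolve().is_relative_to(root):
            raise ValueError(f"unsafe archive member: {name}")


def unpack_linux_client(client_zip: Path, dest: Path, tar_subdir: str = ".") -> list[str]:
    """Unzip the client, untar cvclient-min.tar into dest/tar_subdir and return the expected files
    still missing. "." is the correct in-place extraction; any other value reproduces the mistake
    the Note warns about (extracting into a new cvclient-min directory)."""
    with zipfile.ZipFile(client_zip) as zf:
        _check_no_escape(zf.namelist(), dest)
        zf.extractall(dest)
    tar_dest = dest / tar_subdir
    with tarfile.open(dest / "cvclient-min.tar") as tf:
        _check_no_escape([m.name for m in tf.getmembers()], tar_dest)
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # Python >= 3.12
        tf.extractall(tar_dest, **extra)
    return [f for f in EXPECTED if not (dest / f).is_file()]


def build_sample_client_zip(path: Path) -> Path:
    """Constructed stand-in for Service_Linux-Client_1_client.zip with stub file contents."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tf:
        for name, data in (("setenv", b"# stub\n"), ("bin/64/lunacm", b"#!/bin/sh\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("crystoki-template.ini", "; stub template\n")
        zf.writestr("cvclient-min.tar", tar_buf.getvalue())
    return path


def demo(tar_subdir: str = ".") -> list[str]:
    """Run the unpack against the constructed sample in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        z = build_sample_client_zip(Path(tmp) / "Service_Linux-Client_1_client.zip")
        return unpack_linux_client(z, Path(tmp) / "client", tar_subdir)


if __name__ == "__main__":
    print("in place:", demo() or "all present; now run: source ./setenv")
    print("nested:", demo("cvclient-min"))  # setenv and bin/64/lunacm are missing
```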

Initialize partition

Initialize the partition and required Service Client Roles to begin using the Luna Cloud HSM Service. For more information about client configuration parameters see client Configuration Requirements.

To launch lunacm with logging enabled see Logging.

  1. Start LunaCM from the directory where you extracted the cvclient-min archive.

    On Windows, execute:

    
    lunacm
    

    On Linux, execute:

    
    ./bin/64/lunacm
    

  2. If the command executes with no errors, your connection is working correctly.

    Tip

    If you are unable to connect to the Luna Cloud HSM Service see Client Network Connectivity and Client Troubleshooting for more information about resolving client connection issues.

    
        lunacm (64-bit) v10.4.0-417. Copyright (c) 2021 SafeNet. All rights reserved.
                Available HSMs:
                Slot Id ->              3
                Label ->
                Serial Number ->        1285336687861
                Model ->                Cryptovisor7
                Firmware Version ->     7.3.0
                CV Firmware Version ->  1.4.2
                Plugin Version ->       Cloud 2.1.0-554
                Configuration ->        Luna User Partition With SO (PW) Signing With Cloning Mode
                Slot Description ->     Net Token Slot
                FM HW Status ->         FM Not Supported
                Current Slot Id: 3
        lunacm:>
    

  3. Set the active slot to the uninitialized Luna Cloud HSM Service partition. You can verify the slot number by executing slot list in LunaCM.

    
    slot set -slot <slotnum>
    

  4. Initialize the Luna Cloud HSM Service partition. Execute the following and complete the wizard to create the partition security officer (po), and set the initial password and cloning domain.

    
    partition init -label <par_label>
    

  5. Log in as partition SO (po).

    
    role login -name partition so
    

  6. Initialize the crypto officer (co) and set the initial password.

    
    role init -name crypto officer
    

  7. Log out of the partition security officer role and log in as the crypto officer.

    
    role logout
    role login -n crypto officer
    

    Caution

    On their first login, the crypto officer (co) must change the credential password set by the partition so (po).

  8. Update the crypto officer password.

    
    role changepw -n crypto officer
    

    Applications can now use the crypto officer credentials to perform cryptographic operations using keys and objects created in the partition.