Creating a Root of Trust
For setting up a CCC server, you need to create a root of trust (ROT) on an HSM device. Creating an ROT will allow the CCC to log into the HSM device as the Security Officer (SO) and will encrypt and decrypt all communications between the CCC and the managed devices. To create an ROT:
-
Log in as a root user on the Linux machine that you want to use for setting up a CCC server.
-
Install Thales Luna Network HSM Client software on this machine, ensuring that you’ve selected JCPROV from the list of components to be installed.
-
Log in to your Thales Luna Network HSM device and create a partition that will function as the ROT.
-
Create an NTLS between your device and the CCC server and then assign the ROT partition to the CCC server.
To learn how to create an NTLS connection, refer to Thales Luna Network HSM documentation.
After you have created an ROT, the next step involves Installing CCC.