Creating a Root of Trust
To set up a CCC server, you must create a root of trust (ROT) on an HSM device. The ROT allows the CCC to log in to the HSM device as the Security Officer (SO) and encrypts and decrypts all communication between the CCC and the managed devices. To create an ROT:
- Log in as a root user on the Linux machine that you want to use for setting up a CCC server.
- Install Thales Luna Network HSM Client software on this machine, ensuring that you’ve selected JCPROV from the list of components to be installed.
- Log in to your Thales Luna Network HSM device and create a partition that will function as the ROT.
- Create an NTLS connection between your device and the CCC server and then assign the ROT partition to the CCC server.
- Initiate the process of installing CCC, as explained here.
To learn more about Partition Capabilities and Policies, click here.
To learn more about HSM Capabilities and Policies, click here.
To learn more about creating an NTLS connection, click here.
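Before starting the CCC installation, it is worth confirming from the CCC server that the NTLS link is up and the ROT partition is actually assigned to this client. The script below is an added example, not part of the Thales documentation: it assumes the Luna client's `vtl verify` command is on the PATH and prints a Slot / Serial # / Label table, and the partition label `ccc_rot` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install check that the ROT partition is visible over NTLS.
# Assumption: `vtl verify` lists assigned partitions as rows of
#   <slot number> <serial number> <label>
# The sample below is constructed; serial number and label are made up.
SAMPLE_VTL_OUTPUT='The following Luna SA Slots/Partitions were found:

Slot    Serial #        Label
====    ========        =====
 1      1234567890123   ccc_rot'

# Read vtl-verify-style text on stdin and print how many slot rows
# carry exactly the expected partition label (labels may contain spaces).
rot_partition_count() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            label = $0
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", label)  # drop slot and serial
            sub(/[ \t]+$/, "", label)                           # drop trailing blanks
            if (label == want) hits++
        }
        END { print hits + 0 }'
}

# Succeed only if exactly one partition with that label is visible.
# Zero means NTLS or the partition assignment is not in place;
# more than one means the label is ambiguous and should be resolved first.
rot_partition_visible() {
    [ "$(rot_partition_count "$1")" -eq 1 ]
}

# Run the check against the live client. Returns 2 if the Luna client
# tools are missing, 1 if the partition is not visible, 0 if it is.
check_rot_before_install() {
    if ! command -v vtl >/dev/null 2>&1; then
        echo "vtl not found: install the Luna Network HSM Client first" >&2
        return 2
    fi
    vtl verify | rot_partition_visible "$1"
}

# Usage on the CCC server (label is an assumption):
#   check_rot_before_install ccc_rot && echo "ROT partition visible"
```

A failure at this point indicates that the NTLS connection or the partition assignment from the previous step is incomplete, which is easier to diagnose before the CCC installer is involved.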