When you receive your Luna SA, it is fully functional and very configurable, but is not yet set up to work in your network and with your Clients. That is, coming from the factory, the Luna SA:
If you are looking at this page, you have probably unpacked your Luna SA, connected the cables, and installed the
.If yours is a Luna SA with PED (Trusted Path) Authentication, then it makes use of the Luna PED. The crystoki.ini (Windows) or Chrystoki.conf (UNIX) file contains settings for PED timeout values. Generally, do not change those, unless instructed to do so by SafeNet Technical Support.
To have your new Luna SA working in your environment, you need to prepare it, as follows:
[Step 1] |
|
[Step 2] |
|
[Step 3] |
|
[Step 4] |
|
[Step 5] |
|
[Step 6] |
|
[Step 7] |
|
[Step 8] |
|
Entropy Pool and Random Number Generator
[Step 1] Configuring Luna Appliance for your Network
Recommended Network Characteristics
First Login & Changing Passwords
Configure IP and Network Parameters
Generate New Luna SA Server Cert
Initializing an HSM (Password Authenticated option)
Use hsm-init to Initialize an HSM
Initializing an HSM (PED Authenticated option)
About Initializing a PED Authenticated [Trusted Path] HSM
Options and choices when imprinting a blue (SO) PED Key
Set HSM Policies (Password Authentication)
Set HSM Policies (Trusted Path Authentication)
Create Partition (Password Authentication)
About Creating a Partition (PW)
Create Partition (Trusted Path Authentication)
About Creating a Partition (TP)
Record Partition Client Password (TP)
[Step 5] Setting Partition Policies
[Step 6] Setting up a Network Trust Link
Prepare the Client for Network Trust Link
Import Luna Server Cert onto Client (UNIX)
Register the HSM Server Cert with the Client (UNIX)
Create a Client Certificate (UNIX)
Export a Client Cert to a Luna SA (UNIX)
Import Luna SA Server Cert onto Client (Windows)
Register the HSM Server Cert with the Client (Windows)
Create a Client Certificate (Windows)
Export a Client Cert to a Luna SA (Windows)
Register the Client Cert to an HSM Server
[Step 7] Assigning Clients to Partitions