Show the Table of Contents

You are here: Configuration Manual (Set up Luna Appliance after Installing) > [Step 6] Setting up a Network Trust Link > Windows NTL Setup > Export a Client Cert to a Luna SA (Windows)

Export a Client Cert to an HSM Appliance (Windows)

Send the client certificate (that you created on the previous page) to the HSM appliance, as follows.

The command is:

C:\Program Files\SafeNet\LunaClient\ > pscp cert\client\<clientCert>.pem admin@<serverhostname-or-IP>:

You are prompted for the HSM appliance admin password.

Example

c:\> cd \Program Files\SafeNet\LunaClient\cert\client

c:\ Program Files\SafeNet\LunaClient\cert\client> dir

myClient1Key.pem  myClient1.pem

c:\ Program Files\SafeNet\LunaClient\> pscp “c:\Program Files\SafeNet\LunaClient\cert\client\myClient1.pem” admin@myLuna3:


You must scp to the admin account on the HSM appliance, or the client certificate will not register correctly.

 

 

You might need to surround the entire filespec (path and filename) within quotation marks if Windows stumbles at the space between Program and Files.

If the operations fail - and you have verified that the commands are typed correctly - then you might lack file permissions in the affected directories. If you lack administrator privileges on your computer, contact your IT department. If you do have the required privileges, then you might need to adjust the permissions for the affected directories [Click Here] (which by default are installed in the protected Windows directory "Program Files").

To adjust the permissions for the directory c:\Program Files\SafeNet\LunaClient\, right-click that directory. In the resulting context menu, select Properties, and in the ensuing dialog select the "Security" tab. Choose the appropriate user or group and adjust as needed. Then repeat the commands in the steps above, which should now work as expected.

Give yourself the needed permissions on the certificate directories so you can complete the certificate exhange and registration with the Luna appliance.

 

The appearance might vary slightly for different Windows versions. If the permissions change does not propagate to subdirectories, then you might need to repeat the process for the "cert" subdirectory and for the "client" and "server" subdirectories.

 

 

For networks without DNS, use the HSM appliance's IP address, instead of the hostname.

 

Example

c:\> cd \Program Files\SafeNet\LunaClient\cert\client

c:\ Program Files\SafeNet\LunaClient\cert\client> dir

<client-ip-address>Key.pem  <client-ip-address>.pem

c:\ Program Files\SafeNet\LunaClient\> pscp “c:\Program Files\SafeNet\LunaClient\cert\client\<client-ip-address>.pem” admin@<appliance-ip-address>:

 


Note the “:” after the destination. This is required. Without the colon, scp does not recognize the supplied destination as a remote server. 

The file arriving at the HSM is automatically placed in the appropriate directory. Do not specify a directory for destination.

Next, "Register the Client Certificate to an HSM Server", to continue the setup (we're nearly done at this point).

 

 

Show the Table of Contents