Move the Server Certificate to the cert/server directory:
move server.pem c:\Program Files\SafeNet\LunaClient\cert\server
You might need to surround the entire filespec (path and filename) within quotation marks if Windows stumbles at the space between Program and Files.
To adjust the permissions for the directory c:\Program Files\SafeNet\LunaClient\, right-click that directory. In the resulting context menu, select Properties, and in the ensuing dialog select the "Security" tab. Choose the appropriate user or group and adjust as needed. Then repeat the commands in the steps above, which should now work as expected.
The appearance might vary slightly for different Windows versions. If the permissions change does not propagate to subdirectories, then you might need to repeat the process for the "cert" subdirectory and for the "client" and "server" subdirectories.
Example (No DNS)
Any time the IP or hostname
of the HSM appliance has changed (such as moving from a pre-production
environment), the client(s) that have previously connected via SSH will
detect a mismatch in the HSM appliance's server certification information
and warn you of potential security breach. In
this case you will need to remove that server's certificate information
from the client’s known host file found in:
/<user home dir>/.ssh/known_hosts2
If this is happening in a production environment,
this could potentially be a security breach needing investigation.
Similarly, when you first open a scp or
ssh link, you must accept the certificate.
You can check the fingerprint of the certificate with:
lunash:> sysconf fingerprint -ssh
Next, "Register the HSM Server Certificate with the Client (Windows)".