
Set System Date and Time

Before proceeding with HSM and HSM Partition setup, ensure that the HSM Server’s system date, time and timezone are appropriate for your network. Setting correct system time is important because the next step is to generate your own server certificate. The certificate becomes valid at the time of its creation, which is recorded as part of the certificate, as a GMT value. If your local time is set with an inappropriate local timezone, then the GMT time on the certificate could be incorrect by several hours. When other systems (clients) attempt to reference your certificate, they might find that it has not yet become valid.

 

Set Date and Time

  1. First, verify the current date and time on the HSM Server, to see if they need to change.
    At the lunash prompt, type the command:

    lunash:> status date


    which returns the current settings of date, time and timezone.

    If desired,
    lunash:> status time
    and/or
    lunash:> status zone
    can also be used.
  2. If the date, time, or timezone are incorrect for your location, change them using the lunash sysconf command.
    For example:
    lunash:> sysconf timezone set Canada/Eastern
    Timezone set to Canada/Eastern

You must set the timezone before setting the time and date, otherwise the timezone change adjusts the time that you just set.

 

For a new Luna SA appliance, or for one that has been factory reset, the steps occur in the order presented here [set the date and time, configure the IP, generate certs, connect, initialize the HSM...]. However, if the Luna SA has been used before, then it might have been initialized with the option "-authtimeconfig", which requires that the SO/HSM-Admin be logged in before you are allowed to set time/timezone. If that is the case, then you will need to log in with the old SO credentials, or initialize the HSM first, before you can set time and timezone.

 

Timezone Codes  

A list of timezone codes is provided in the Reference section.

If a code is depicted in the list as a major name (such as Canada) followed by a list of minor names (such as city names), then you write the major name, followed by a forward slash (“/”) followed by the minor name.

The code that you must apply from the list in the appendix may not look exactly like the code displayed by “status date”. For example, “status date” shows EDT (i.e., Eastern Daylight Time), but to set that you must type "EST5EDT", or “Canada/Eastern” or “America/Montreal” – a number of values produce the same setting.

  3. Use sysconf time to set the system time and date, in the format <HH:MM YYYYMMDD>.
    Note that the time is set on a 24-hour clock (00:00 to 23:59).
    lunash:> sysconf time 12:55 20110410
    Sun April 10 12:55:00 EDT 2011
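
Why the zone must be set before the time, and what a wrong zone does to the GMT start time of the certificate, as an added Python model (not Luna code). It assumes the clock stores one UTC instant and that the zone is UTC until it is set; the fixed offsets for 10 April 2011 are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed fixed UTC offsets valid for 10 April 2011 (daylight time in both zones).
ZONES = {
    "UTC": timezone.utc,
    "Canada/Eastern": timezone(timedelta(hours=-4), "EDT"),
    "Europe/London": timezone(timedelta(hours=1), "BST"),
}

class ApplianceClock:
    """Toy model (assumption): one UTC instant is stored; the zone affects input and display only."""

    def __init__(self, zone):
        self.zone = ZONES[zone]
        self.instant = datetime(2011, 1, 1, tzinfo=timezone.utc)

    def set_timezone(self, zone):
        self.zone = ZONES[zone]  # stored instant is untouched, so the displayed time shifts

    def set_time(self, hhmm, yyyymmdd):
        wall = datetime.strptime(f"{hhmm} {yyyymmdd}", "%H:%M %Y%m%d")
        self.instant = wall.replace(tzinfo=self.zone).astimezone(timezone.utc)

    def display(self):
        return self.instant.astimezone(self.zone).strftime("%H:%M %Z")

def configure(steps, start_zone="UTC", target_zone="Canada/Eastern"):
    """Apply 'zone' and 'time' steps in the given order and return the clock."""
    clock = ApplianceClock(start_zone)
    for step in steps:
        if step == "zone":
            clock.set_timezone(target_zone)
        else:
            clock.set_time("12:55", "20110410")
    return clock

def not_before_skew(clock, true_zone):
    """Certificate notBefore (GMT) minus the real time; positive means 'not yet valid' to clients."""
    real = datetime(2011, 4, 10, 12, 55, tzinfo=ZONES[true_zone])
    return clock.instant - real

if __name__ == "__main__":
    print(configure(["zone", "time"]).display())  # zone first: the time stays as typed
    print(configure(["time", "zone"]).display())  # time first: the zone change shifts it
    # Appliance left on Canada/Eastern at a site that is really on London time.
    print(not_before_skew(configure(["time"], start_zone="Canada/Eastern"), "Europe/London"))
```

A positive skew is the case described at the top of this page: clients with correct clocks reject the certificate until that interval has passed.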

Possible alternate scenario

While attempting to set the time or zone, you might encounter a message saying that you must log into the HSM first.

lunash:>sysconf timezone set Europe/London

This HSM has been initialized to require that the SO is logged in
prior to running this command.

Verifying that the SO is logged in...

The SO is not currently logged in. Please login as SO and try again.

That message appears only if the HSM has been previously initialized with the "-authtimeconfig" option set. The work-around at this stage is to run the command hsm init -label <yourlabeltext> without the "-authtimeconfig" option, which releases that flag. That is, you can just skip ahead in these instructions and perform your intended initialization out of order, and then set the appliance time and zone, and carry on.

We chose an order for these configuration instructions that is usually convenient and easy to understand, but having the system time set before initializing is not required. You can perform those actions out of order. It is important to have the time set before you create certificates, later on.

Network Time Protocol [optional]

If you wish to use Network Time Protocol (NTP), you must set the system time to within 20 minutes of the time given by the servers that you select. If the difference between NTP server time and the HSM appliance time is greater than 20 minutes, the NTP daemon ignores the servers and quits. 

To use NTP, add one or more servers to the HSM appliance's NTP server list, and then activate (enable) the servers. Use the sysconf ntp command as follows: 

Add servers
lunash:> sysconf ntp addserver <hostnameoripaddress> 

Activate servers
lunash:> sysconf ntp enable
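
A pre-check for the 20-minute rule, as an added Python example (not part of the Luna software): it compares a pasted appliance date line, assumed to have the shape of the sysconf time output shown earlier, with a reference UTC time. The abbreviation table and the reference time are constructed.

```python
from datetime import datetime, timedelta, timezone

NTP_LIMIT = timedelta(minutes=20)  # threshold stated in the text above

# Constructed abbreviation table (assumption); abbreviations are not unique worldwide,
# so anything not listed is rejected instead of guessed.
ABBREV_OFFSET_HOURS = {"GMT": 0, "UTC": 0, "BST": 1, "EST": -5, "EDT": -4}


def parse_date_line(line):
    """Parse a line shaped like 'Sun April 10 12:55:00 EDT 2011' into an aware UTC datetime."""
    try:
        _dow, month, day, clock, abbrev, year = line.split()
    except ValueError:
        raise ValueError(f"unexpected date line: {line!r}")
    if abbrev not in ABBREV_OFFSET_HOURS:
        raise ValueError(f"unknown timezone abbreviation: {abbrev}")
    local = datetime.strptime(f"{month[:3]} {day} {year} {clock}", "%b %d %Y %H:%M:%S")
    zone = timezone(timedelta(hours=ABBREV_OFFSET_HOURS[abbrev]))
    return local.replace(tzinfo=zone).astimezone(timezone.utc)


def ntp_precheck(date_line, reference_utc):
    """Return (ok, offset): ok is False when the offset exceeds the 20-minute limit."""
    offset = parse_date_line(date_line) - reference_utc
    return abs(offset) <= NTP_LIMIT, offset


if __name__ == "__main__":
    # Constructed reference: what a trusted time source reports at the moment of the check.
    reference = datetime(2011, 4, 10, 16, 40, 0, tzinfo=timezone.utc)
    for line in ("Sun April 10 12:55:00 EDT 2011",   # right zone, 15 minutes fast
                 "Sun April 10 12:55:00 GMT 2011"):  # zone never set: 3 h 45 min slow
        ok, offset = ntp_precheck(line, reference)
        print(f"{line}: offset {offset.total_seconds() / 60:+.0f} min, "
              f"{'safe to enable NTP' if ok else 'fix time/zone first'}")
```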

 

Drift correction for the system clock

If you require that your appliance's system clock be as correct as is practical, but are unable to use NTP for the most accurate timekeeping possible, then you might wish to use the system's clock-drift correction protocol. View the Drift and Correction page for further information.

 

Go to "Configure IP and network parameters"