Make the pre-deployed (initialized) token/HSM available to the Luna SA appliance as another (removable) HSM partition or PKCS#11 slot, for use by your application(s).
Note: It may take up to one minute for the token to be visible to all clients.
An external Luna HSM can be USB-connected to a Luna SA appliance for:
• local backup/restore operations (Luna Backup HSM)
• PKI bundle operations (Luna G5 HSM)
Luna SA does not pass PED operations and data through to an externally connected Luna HSM from a Luna PED that is connected locally to the Luna SA.
If the external HSM is PED-authenticated, then the options for Luna PED connection are:
• local PED connection, directly to the affected HSM, when needed, or
• Remote PED connection, passed through the Luna SA
Note: Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.
Note: Support for locally connected Backup HSM with Remote PED begins at firmware version 6.10.1 in the external HSM.
Note: To use Remote PED with an external device, first set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using any token pki or token backup commands.
token pki deploy -label <token_label> -serial <serial_number>
Parameter | Shortcut | Description |
---|---|---|
-label | -l | Specifies the name of the inserted, pre-deployed token to deploy. |
-serial | -s | Specifies the serial number of the inserted, pre-deployed token to deploy. |
lunash:> token pki deploy -label mylunag5pki -serial 475289
**********************************************
*                                            *
*  About to activate the token for testing.  *
*  Please pay attention to the PED           *
*                                            *
**********************************************
Please enter the current user challenge:
Success deploying token mylunag5pki with serial num 475289 !
Command Result : 0 (Success)
Note: The above command prepares an HSM, externally connected to a Luna SA appliance, for operation in the PKI use-case. Once the external HSM has been deployed for PKI bundle operation, it must still be assigned to the remote client by means of the command "client assignpartition".