Open topic with navigation

token pki update

Access the pki update commands to update the token capabilities or firmware.

Luna shell (lunash:>) token pki commands on Luna SA would be unable to see Luna G5 HSM PKI slots connected to a remote workstation. Either connect the Luna G5 HSM locally to the Luna SA USB port to use token backup commands, or use VTL commands on an HSM connected to a computer configured as a Client of your Luna SA.

An external Luna HSM can be USB-connected to a Luna SA appliance for:

•local backup/restore operations (Luna Backup HSM)

•PKI bundle operations (Luna G5 HSM)

Luna SA does not pass PED operations and data through to an externally connected Luna HSM from a Luna PED that is connected locally to the Luna SA.

If the external HSM is PED-authenticated, then the options for Luna PED connection are:

•local PED connection, directly to the affected HSM, when needed, or

•Remote PED connection, passed through the Luna SA  

Note:  Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Support for locally connected Backup HSM with Remote PED,
begins at firmware version 6.10.1 in the external HSM.

Note:  Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.  

A capability update or a firmware update is meant to be applied just one time to an HSM. If you attempt to re-apply a capability update to an HSM that already has the capability installed, the system throws an error like " C0000002 : RC_GENERAL_ERROR ". A similar result occurs if you attempt to install a particular firmware update more than once on one HSM. This is expected behavior.

Syntax

pki update

capability
firmware
login
logout
show

Luna SA 6.0 Product Documentation
007-011136-008 Rev. A May 2015 Copyright 2015 SafeNet, Inc. All rights reserved.

Open topic with navigation