Add a client to the list of clients that can access the Luna appliance's NTLS. A client must be registered before you can assign partitions to it.
Note: The client's certificate file is needed to perform the registration.
client register -client <clientname> [-hostname <hostname>] [-ip <ipaddress>] [-requirehtl] [-ottexpiry <seconds>] [-generateott] [-force]
Parameter | Shortcut | Description |
---|---|---|
-client | -c | The new client's name. The user may choose any name, so long as it is less than 255 characters, and is unique among all clients on the Luna HSM appliance. The client name need not be the hostname of the client. |
-force | -f | Force the action without prompting. |
-generateott | -g | Specifies creation of a one-time token as the client is registered. The name of the created file is the client name that you provided (above). Requires the -requirehtl option. Selecting this option is the equivalent of running the command htl generateott -client <clientname>. |
-hostname | -h | The hostname of the new client. Use this parameter if the client certificate (and server certificates) were created with hostnames. If the certificates were created with IP addresses, use the -ip parameter instead. |
-ip | -i | The IP address of the new client. Use this parameter if the client certificate (and server certificates) were created with IP addresses. If the certificates were created with hostnames, use the -hostname parameter instead. |
-ottexpiry | -o | Sets the time, in seconds, before a one-time token (OTT) expires (values can be positive integers in the range of 0-to-3600 seconds). For practical reasons, you must allow at least enough time for certificate transfer, or the OTT could expire before it is ready to use. Requires the -requirehtl option. If the -ottexpiry option is not specified, the system-default OTT expiry for that client is used. |
-requirehtl | -r | Specifies that the HTL protocol is required for all interactions between this client and the HSM appliance. |
lunash:>client register -c someclient -h someclient -r -g -f
Force option used. All proceed prompts bypassed.
'client register' successful.
Generating one-time token...
One-time token for client someclient is ready to use.
Filename is someclient.ott
Command Result : 0 (Success)