About Initializing a PED-Authenticated HSM

In this section, you initialize the HSM portion of the SafeNet appliance, and set any policies that you require. In normal operation, you would perform these actions just once, when first commissioning your SafeNet appliance.

Note: Perform initialization only after you have set the system-level parameters (time, date, timezone, use of NTP (Network Time Protocol), etc.), and configured network and IP settings to work with your network.

...but there's an exception...
The statement above applies reliably to a new SafeNet Network HSM appliance, or one that has been factory reset. One of the options when initializing an HSM is to forbid changing the time or timezone without HSM login (hsm init -label myluna -authtimeconfig). If you make that choice, it remains in force until you change it. Therefore, if you are following these steps for a SafeNet Network HSM appliance that is not fresh from the factory, or freshly factoryReset, you might need to take these instructions slightly out of order and perform time-related setting changes after you initialize, rather than before.

Initialization prepares the HSM for use by setting up the necessary identities, ownership and authentication that are to be associated with the HSM. You must initialize an HSM one time before you can generate or store objects, allow clients to connect, or perform cryptographic operations.

If you have not used SafeNet HSMs and PED Keys before, please read the sub-section PED Key Management Overview in the Administration Guide before you start initializing.

Once you have initialized an HSM, you would return to this section only to clear an entire HSM and all its contents and HSM Partitions, by re-initializing.

If you received your SafeNet HSM in Secure Transport Mode, then a preliminary step is required before you can initialize; see Recover the SRK.

Otherwise, go directly to Initializing a PED-Authenticated HSM.