Home >

LunaSH Command Reference Guide > LunaSH Commands > token > token pki deploy

token pki deploy

Make the pre-deployed (initialized) token/hsm available to the SafeNet Network HSM appliance as another (removable) HSM partition or PKCS#11 slot, for use by your application(s).

Note:  It may take up to one minute for the token to be visible to all clients.

An external SafeNet HSM can be USB-connected to a SafeNet Network HSM appliance for:

local backup/restore operations (SafeNet Backup HSM)

PKI bundle operations (SafeNet USB HSM)

SafeNet Network HSM does not pass PED operations and data through to an externally connected SafeNet HSM from a SafeNet PED that is connected locally to the SafeNet Network HSM.

If the external HSM is PED-authenticated, then the options for SafeNet PED connection are:

local PED connection, directly to the affected HSM, when needed, or

Remote PED connection, passed through the SafeNet Network HSM 

Note:  Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Support for locally connected Backup HSM with Remote PED,
begins at firmware version 6.10.1 in the external HSM.

Note:  Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.  

 

Syntax

token pki deploy -label <token_label> -serial <serial_number>

Parameter Shortcut Description
-label -l

Specifies the name of the inserted, pre-deployed token to deploy.

-serial -s Specifies the serial number of the inserted, pre-deployed token to deploy.

Example

lunash:> token pki deploy -label mylunag5pki -serial 475289 
********************************************** 
*                                            * 
*   About to activate the token for testing. * 
*   Please pay attention to the PED          * 
*                                            * 
********************************************** 

Please enter the current user challenge: 

Success deploying token mylunag5pki with serial num 475289 !
 
Command Result : 0 (Success)

 

Note:  The above command prepares an HSM, externally connected to a SafeNet Network HSM appliance, for operation in the PKI use-case. However, once the external HSM has been deployed for PKI bundle, it must be assigned to the remote client, by means of the command client assignpartition.

SafeNet Network HSM 6.3 Product Documentation
007-011136-015 Rev. A 14 July 2017 Copyright 2001-2017 Gemalto All rights reserved.