token pki update capability

Update a PKI token capability using a capability update package available on the SafeNet appliance (that is, a package that you have acquired from SafeNet and transferred via scp to the SafeNet appliance). Before you can use this command, you must:

acquire the secure package update file from SafeNet and send the file to the SafeNet Network HSM (using scp or pscp)

Note:  Use of older PuTTY versions, and related tools, can result in the appliance refusing to accept a connection. This can happen if a security update imposes restrictions on connections with older versions. To ensure compatibility, always use the versions of executable files included with the current client installer.

open the file on the SafeNet Network HSM with the lunash command package update <filename> -authcode <authcode>

An external SafeNet HSM can be USB-connected to a SafeNet Network HSM appliance for:

local backup/restore operations (SafeNet Backup HSM)

PKI bundle operations (SafeNet USB HSM)

SafeNet Network HSM does not pass PED operations and data through to an externally connected SafeNet HSM from a SafeNet PED that is connected locally to the SafeNet Network HSM.

If the external HSM is PED-authenticated, then the options for SafeNet PED connection are:

local PED connection, directly to the affected HSM, when needed, or

Remote PED connection, passed through the SafeNet Network HSM 

Note:  Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Support for locally connected Backup HSM with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM>
and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.  

 

A capability update or a firmware update is meant to be applied just one time to an HSM. If you attempt to re-apply a capability update to an HSM that already has the capability installed, the system throws an error like " C0000002 : RC_GENERAL_ERROR ". A similar result occurs if you attempt to install a particular firmware update more than once on one HSM. This is expected behavior.

Syntax

token pki update capability -serial <serialnum> -capability <capabilityname> [-force]

Parameter     Shortcut   Description
-capability   -c         Specifies the capability name.
-force        -f         Force the action without prompting.
-serial       -l         Specifies the token serial number.

Example

lunash:> token pki update capability -serial 777199 -capability newcapability -f
 
Success
Capability newcapability added.
 
Command result : 0 (Success)
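
When this command is scripted across several HSMs, the one-time-only behavior described above has to be handled explicitly. The following Python is an added example, not part of the SafeNet documentation: it builds the command line so that arguments cannot run together, and classifies a captured transcript as applied, needing verification, or failed. The function names, the accepted serial and capability-name formats, and the repeat-run transcript are assumptions made for the example.

```python
import re

# Patterns follow the output and error text shown on this page.
RESULT_RE = re.compile(r"Command result\s*:\s*(\d+)")
ADDED_RE = re.compile(r"Capability\s+(\S+)\s+added\.")
ERROR_RE = re.compile(r"\b([0-9A-Fa-f]{8})\s*:\s*(RC_[A-Z0-9_]+)")
REAPPLY_ERROR = ("C0000002", "RC_GENERAL_ERROR")

def build_command(serial, capability, force=False):
    """Return the LunaSH command line with each value as its own argument."""
    # Assumed formats: numeric serial, capability name without spaces
    # and not starting with '-', so no value can pose as an option.
    if not re.fullmatch(r"\d+", str(serial)):
        raise ValueError("serial must contain digits only")
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_.-]*", capability):
        raise ValueError("unexpected capability name")
    cmd = f"token pki update capability -serial {serial} -capability {capability}"
    return cmd + (" -force" if force else "")

def classify(transcript, capability):
    """Map a captured LunaSH transcript to applied / check-installed / failed."""
    error = ERROR_RE.search(transcript)
    if error:
        code = (error.group(1).upper(), error.group(2))
        # The general error is what a repeat install produces, but it is not
        # specific to that case, so ask for verification rather than pass it.
        return "check-installed" if code == REAPPLY_ERROR else "failed"
    result = RESULT_RE.search(transcript)
    added = ADDED_RE.search(transcript)
    if (result and int(result.group(1)) == 0
            and added and added.group(1) == capability):
        return "applied"
    return "failed"  # fail closed when success is not confirmed for this capability

# Transcript copied from the example on this page.
SUCCESS = ("lunash:> token pki update capability -serial 777199 "
           "-capability newcapability -f\n\nSuccess\n"
           "Capability newcapability added.\n\nCommand result : 0 (Success)\n")
# Constructed transcript: only the error string itself comes from this page.
REAPPLY = ("lunash:> token pki update capability -serial 777199 "
           "-capability newcapability -f\n\nC0000002 : RC_GENERAL_ERROR\n")

if __name__ == "__main__":
    print(build_command("777199", "newcapability", force=True))
    for name, text in (("first run", SUCCESS), ("repeat run", REAPPLY)):
        print(name, "->", classify(text, "newcapability"))
```

A "check-installed" result should be recorded for follow-up against the HSM's actual capability state rather than counted as success.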