This is the syntax of the pedServer command, which includes starting and stopping of the service, and an assortment of configuration options. Specify "pedserver" at the command line, plus one of the modes, plus any option applicable to that mode.
pedServer.exe -mode {start | stop | connect | disconnect | show | config} -ip <ip address> [-port <port number>] [-force]
Note: When running pedserver -mode start on an IPv6 network, you must include the -ip <IPv6_address> option.
pedServer -appliance register -name <unique name> -certificate <Network HSM certificate file> -ip <network-hsm-ip> [-port <port number>]
Note: The -name parameter must be alphanumeric only: 0 through 9 or a through z or A through Z
No punctuation or special characters are permitted.
pedServer -appliance delete -name <unique name> [-force]
pedServer -appliance list
pedServer -regen -commonname <common name> [-force]
Note: When registering, the default port 9697 is assumed. However, in the special case where another application already uses port 9697, port forwarding in a router could remap a different incoming port number (that you provide in the -appliance register command) to 9697 when forwarded to the SafeNet Network HSM.
C:\Program Files\SafeNet\LunaClient>pedserver -h
Ped Server Version 1.0.6 (10006)

Usage: pedServer [mode] [options...]

Explanation of the modes:

To query if a Ped Server is currently running, and to get details about the Ped Server, use this command:
    pedServer -mode show [ options... ]

To shut down an existing Ped Server, use this command:
    pedServer -mode stop [ options... ]

To start the Ped Server, use this command:
    pedServer -mode start [ options... ]

To show the existing configuration file settings, use this command:
    pedServer -mode config -show

To restore the internal default configuration file settings, use this command:
    pedServer -mode config -create [ options... ]

To modify the existing configuration file settings, use this command:
    pedServer -mode config -set [ options... ]

To view a more detailed description of the Ped Server, use this command:
    pedServer -mode desc

To connect to a Luna SA server or a PedClient (making a connection from pedServer to Luna SA/PedClient), use this command:
    pedServer -mode connect -name <label>

To disconnect from Luna SA server or a PedClient and start in service mode, use this command:
    pedServer -mode disconnect

To register a Luna SA certificate or a PedClient , use this command:
    pedServer -appliance register -name <label> -ip <connection IP address> -certificate <certificate file> [-port <port number>]

To delete a registered Luna SA server or a PedClient, use this command:
    pedServer -appliance delete -name <label> [-force]

To list all registered Luna SA servers and PedClients, use this command:
    pedServer -appliance list

To regenerate the client certificate, use this command:
    pedServer -regen -commonname <common name> [-force]

Explanation of the options:

Any options that are not specified on the command line will be read from the config file. If the config file cannot be found, internal default settings will be used. Invalid options do not generate an error and are ignored.

    -mode <mode> -> Specifies the mode that the Ped Server will be executed in. The supported modes are "start", "stop", "show", "config", "connect" and "disconnect".
    -configfile <filename> -> Specifies the config file to use. Applicable to all modes.
    -appliance -> Certificate management of Luna SA servers and PedClients. The following actions are "register", "delete" and "list".
    -regen -> Regenerate the client certificate. The client certificate path is specified in Chrystoki configuration file.
    -eserverport <0 or 1> -> Specifies if the server port is on "localhost" or listening on the external host name. Applicable to "start" and "config set" modes.
    -port <server port> -> Specifies the server port number. Applicable to "start", "show" and "config set" modes.
    -ip <server IP> -> Specifies the server listening IP address if the mode is set to "start" and "config set" modes.
    -eadmin <0 or 1> -> Specifies if the administration port is on "localhost" or listening on the external host name. Applicable to "start" and "config set" modes.
    -admin <admin port number> -> Specifies the administration port number. Applicable to "start", "stop", and "show" modes.
    -force -> When used with "-start", specifies that any existing Ped Server currently running should be shutdown and a new Ped Server started. Applicable to "start" mode.
    -set -> When used with "-config", specifies that the configuration file should be updated with values of the other supplied options. Applicable to "config"
    -show -> When used with "-config", specifies that the contents of the configuration file should be displayed. Applicable to "config" mode.
    -idletimeout<int> -> Specifies the idle connection timeout in seconds. Applicable to "start" and "config set" modes.
    -socketreadtimeout <int> -> Specifies the socket read timeout in seconds. Applicable to "start", "stop", "show" and "config set" modes.
    -socketwritetimeout <int> -> Specifies the socket write timeout in seconds. Applicable to "start", "stop", "show" and "config set" modes.
    -internalshutdowntimeout <int> -> Specifies the shutdown timeout in seconds for internal services. Applicable to "start", "stop" and "config set" modes.
    -bgprocessstartuptimeout <int> -> Specifies the startup timeout for the detached process. Applicable to "start", "stop" and "config set" modes.
    -bgprocessshutdowntimeout <int> -> Specifies the shutdown timeout for the detached process. Applicable to "start", "stop" and "config set" modes.
    -loginfo <0 or 1> -> Specifies if the logger should log "info" messages. Applicable to all modes.
    -logwarning <0 or 1> -> Specifies if the logger should log "warning" messages. Applicable to all modes.
    -logerror <0 or 1> -> Specifies if the logger should log "error" messages. Applicable to all modes.
    -logtrace <0 or 1> -> Specifies if the logger should log "trace" messages. Applicable to all modes.
    -logfilename <filename> -> Specifies the log file name. Applicable to all modes.
    -maxlogfilesize <size> -> Specifies the maximum log file size in KB Applicable to all modes.
    -pinginterval <int> -> Specifies the interval in seconds for ping commands. Applicable to "start" and "config set" modes.
    -pongtimeout <int> -> Specifies timeout in seconds for the ping response. Applicable to "start" and "config set" modes.

C:\Program Files\SafeNet\LunaClient>
The commands you are likely to use most often are pedServer -mode start, to launch the service when working in Client/Server mode, and pedServer -mode show, to display its current status.

C:\Program Files\Safenet\LunaClient>PedServer.exe -mode start
Ped Server Version 1.0.5 (10005)
Failed to load configuration file. Using default settings.
Ped Server launched in startup mode.
Starting background process
Background process started
Ped Server Process created, exiting this process.
C:\Program Files\Safenet\LunaClient>

C:\Program Files\Safenet\LunaClient>PedServer.exe -mode show
Ped Server Version 1.0.5 (10005)
Failed to load configuration file. Using default settings.
Ped Server launched in status mode.
    Server Information:
        Hostname: OTT1-202311
        IP: 192.20.10.190
        Firmware Version: 2.5.0-1
        PedII Protocol Version: 1.0.1-0
        Software Version: 1.0.5 (10005)
        Ped2 Connection Status: Connected
        Ped2 RPK Count 1
        Ped2 RPK Serial Numbers (5b420100834a2301)
    Client Information: Not Available
    Operating Information:
        Server Port: 1503
        External Server Interface: Yes
        Admin Port: 1502
        External Admin Interface: No
        Server Up Time: 8 (secs)
        Server Idle Time: 8 (secs) (100%)
        Idle Timeout Value: 1800 (secs)
        Current Connection Time: 0 (secs)
        Current Connection Idle Time: 0 (secs)
        Current Connection Total Idle Time: 0 (secs) (100%)
        Total Connection Time: 0 (secs)
        Total Connection Idle Time: 0 (secs) (100%)
Show command passed.
C:\Program Files\Safenet\LunaClient>
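A defender's check of the status output above, as an added example (not SafeNet's code and not part of the original page): it parses the fields printed by the show mode and flags an unloaded configuration file, an administration port not confirmed as localhost-only, a disconnected PED, and an idle timeout above policy. The sample text is abridged from the session on this page; the function names, the choice of checks and the 1800-second threshold are assumptions of the example.

```python
import re

# Abridged from the "pedServer -mode show" session on this page.
SAMPLE_SHOW = """\
Ped Server Version 1.0.5 (10005)
Failed to load configuration file. Using default settings.
Ped Server launched in status mode.
Server Information:
   Hostname: OTT1-202311
   Ped2 Connection Status: Connected
Operating Information:
   Server Port: 1503
   External Server Interface: Yes
   Admin Port: 1502
   External Admin Interface: No
   Idle Timeout Value: 1800 (secs)
Show command passed.
"""

def parse_show(text):
    """Return {field: value} for each 'Key: value' line of the output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit_show(text, max_idle_secs=1800):
    """Return findings; the checks and threshold are this example's policy."""
    f = parse_show(text)
    findings = []
    if "Failed to load configuration file" in text:
        findings.append("config file not loaded; internal defaults in use")
    if f.get("External Admin Interface", "").lower() != "no":
        findings.append("admin port %s not confirmed localhost-only"
                        % f.get("Admin Port", "?"))
    if f.get("Ped2 Connection Status") != "Connected":
        findings.append("Remote PED not connected")
    idle = re.match(r"\d+", f.get("Idle Timeout Value", ""))
    if idle is None or int(idle.group()) > max_idle_secs:
        findings.append("idle timeout missing or above policy")
    if "Show command passed." not in text:
        findings.append("show command did not report success")
    return findings

if __name__ == "__main__":
    for finding in audit_show(SAMPLE_SHOW):
        print("FINDING:", finding)
```
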
It might be necessary to regenerate the PedServer certificate:
C:\Program Files\SafeNet\LunaClient>PedServer.exe -regen -commonname 24.240_server -force
Ped Server Version 1.0.6 (10006)
Private Key created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\24.240_server.pemKey
Certificate created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\24.240_server.pem
Successfully regenerated the client certificate.

You might also need to delete an appliance from the registered list:

C:\Program Files\SafeNet\LunaClient>PedServer.exe -appliance delete -name SA62 -force
Ped Server Version 1.0.6 (10006)
Successfully deleted the registered appliance: SA62

PedServer is required to run on any computer that has a SafeNet Remote PED attached, and is providing PED services.
PedServer always works with an instance of PedClient.
PedClient could be running on a distant HSM host computer, or it could be running on the same computer that has the Remote PED attached and PedServer running. This would normally be the case where a SafeNet Remote Backup HSM or other HSM is also attached or embedded. In other words, the one computer could be carrying on both halves of the PedClient/PedServer conversation over two ports in its own memory.
PedServer can also run in peer-to-peer mode, where the server initiates the connection to the Client. This is needed when the Client (usually SafeNet Network HSM) is behind a firewall that forbids outgoing initiation of connections.
See "Remote Application Partition Backup and Restore Using the Backup HSM" on page 1 in the Administration Guide for more information.