|
Home > |
|---|
The STC client identities are not backed up with the HSM configuration and you must re-register them manually after HSM zeroization. See Restoring STC After HSM Zeroization for an outline of this process.
If you regenerate the HSM Server Certificate on the appliance (using the command sysconf regencert in the LunaSH Command Reference Guide), you must complete the following steps to restore any STC links to the appliance:
1.Using LunaSH, restart the NTLS and STC services.
service restart ntls
service restart stc
2.Provide the new HSM Server Certificate (server.pem) to each client by scp, pscp, or other secure means.
1.Delete the original server identity from the client using the vtl utility.
vtl deleteserver -n <server_IP_or_hostname>
2.Register the new HSM Server Certificate you received from the HSM SO.
vtl addserver -n <server_IP_or_hostname> -c <server_certificate_filename>
3.Run LunaCM, find the new Server ID, and enable STC for the server.
clientconfig listservers
stc enable -id <server_ID>
The salogin utility is compatible with NTLS-enabled slots only. If you attempt to use the salogin utility with an STC-enabled slot, you will get an error similar to the following. See Using the salogin Utility in the Utilities Reference Guide for more information:
# ./salogin -o -s 0 -i 1:1 -p userpin
CA_OpenApplicationID: failed to open application id. err 0x80000030
token not present or app id already open?