Home >

token pki deploy

Note:  PKI mode is no longer supported and these commands have been deprecated.

Make the pre-deployed (initialized) token/hsm available to the SafeNet Luna Network HSM appliance as another (removable) HSM partition or PKCS#11 slot, for use by your application(s).

Note:  It may take up to one minute for the token to be visible to all clients.

An external SafeNet Luna HSM can be USB-connected to a SafeNet Luna Network HSM appliance for:

local backup/restore operations (SafeNet Luna Backup HSM)

PKI bundle operations (SafeNet Luna USB HSM)

SafeNet Luna Network HSM does not pass PED operations and data through to an externally connected SafeNet Luna HSM from a Luna PED that is connected locally to the SafeNet Luna Network HSM.

If the external HSM is PED-authenticated, then the options for Luna PED connection are:

local PED connection, directly to the affected HSM, when needed, or

Remote PED connection, passed through the SafeNet Luna Network HSM 

Note:  Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.

Note:  Support for locally connected Backup HSM with Remote PED, begins at firmware version 6.10.1 in the external HSM.

Note:  Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM> and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.

User Privileges

Users with the following privileges can perform this command:

Admin

Operator

Syntax

token pki deploy -label <tokenlabel> -serial <serialnum>

Option Shortcut Description
-label <tokenlabel> -l

Specifies the name of the inserted, pre-deployed token to deploy.

-serial <serialnum> -s Specifies the serial number of the inserted, pre-deployed token to deploy.

Example

lunash:> token pki deploy -label mylunag5pki -serial 475289 
********************************************** 
*                                            * 
*   About to activate the token for testing. * 
*   Please pay attention to the PED          * 
*                                            * 
********************************************** 

Please enter the current user challenge: 

Success deploying token mylunag5pki with serial num 475289 !
 
Command Result : 0 (Success)

 

Note:  The above command prepares an HSM, externally connected to a SafeNet Luna Network HSM appliance, for operation in the PKI use-case. However, once the external HSM has been deployed for PKI bundle, it must be assigned to the remote client, by means of the command client assignpartition.

SafeNet Luna Network HSM 7.0 Product Documentation
007-013576-002 Rev. A 02 June 2017 Copyright 2001-2017 Gemalto All rights reserved.