When to Restart NTLS

NTLS needs to be restarted in the following situations.

Note: All client connections must be stopped before you restart NTLS.

When you regenerate the server certificate (the interface prompts you to restart NTLS after regenerating the server cert).

If you delete Partitions.

If you change binding settings (with ntls bind).

In all other circumstances, NTLS should remain running. If there are problems with clients connecting to the SafeNet appliance, other methods of debugging should be attempted before restarting NTLS.

Examples are:

Confirming the fingerprint of the client certificate and the server certificate at both the client and the server (the SafeNet appliance).

Verifying that the client is registered and has at least one Partition assigned to it.

Impact of the service restart ntls Command

If you perform a service restart ntls on a live or production SafeNet appliance, any active sessions are lost. That is, HSM Partitions remain active, but Clients need to re-connect and re-authenticate.

As a general rule, an NTLS restart is required immediately after a server certificate regeneration on a SafeNet appliance. This occurs under the following circumstances only:

As part of original installation and setup.

If you have reason to suspect that the SafeNet appliance's server certificate (private key) has been compromised.

In the former case, there is no impact. In the latter case, the brief disruption of active Clients would be overshadowed by the seriousness of the compromise.