token pki
NOTE PKI mode is no longer supported and these commands have been deprecated.
Access the token pki commands. These commands allow you to operate token HSMs (with SafeNet Luna USB HSM connected to the SafeNet Luna Network HSM via USB) when used in PKI mode.
An external SafeNet Luna HSM can be USB-connected to a SafeNet Luna Network HSM appliance for:
>local backup/restore operations (SafeNet Luna Backup HSM)
>PKI bundle operations (SafeNet Luna USB HSM)
SafeNet Luna Network HSM does not pass PED operations and data through to an externally connected SafeNet Luna HSM from a Luna PED that is connected locally to the SafeNet Luna Network HSM.
If the external HSM is PED-authenticated, then the options for Luna PED connection are:
>local PED connection, directly to the affected HSM, when needed, or
>Remote PED connection, passed through the SafeNet Luna Network HSM
NOTE Support for PKI Bundles with Remote PED begins at firmware version 6.10.1 in the external HSM.
NOTE Support for locally connected Backup HSM with Remote PED, begins at firmware version 6.10.1 in the external HSM.
NOTE Use of Remote PED with an external device is made possible when you set up with the commands
hsm ped vector init -serial <serial#_of_external_HSM> and
hsm ped connect -serial <serial#_of_external_HSM>
before using token pki or token backup commands.
Syntax
token pki
activate
changepin
clone
deploy
factoryreset
listall
listdeployed
predeploy
resetpin
undeploy
update
| Option | Shortcut | Description |
|---|---|---|
| activate | a | Activate PKI Token for use with your application. See token pki activate. |
| changepin | ch | Change PKI Token PIN. See token pki changepin. |
| clone | cl | Clone PKI Token contents. See token pki clone. |
| deploy | d | Deploy PKI Token. See token pki deploy. |
| factoryreset | f | Factory Reset PKI Token. See token pki factoryreset. |
| listall | lista |
List All PKI Tokens. See token pki listall. |
| listdeployed | listd | List All Deployed Tokens. See token pki listdeployed. |
| predeploy | p | Pre-deploy PKI Token. See token pki predeploy. |
| resetpin | r | Reset PKI Token PIN. See token pki resetpin. |
| undeploy | un | Undeploy PKI Token. See token pki undeploy. |
| update | up | Access the token pki update commands.See token pki update. |
NOTE The above commands prepare an HSM, externally connected to a SafeNet Luna Network HSM appliance, for operation in the PKI use-case. However, once the external HSM has been deployed for PKI bundle, it must be assigned to the remote client, by means of the command client assignpartition.
