Setting up NTLS

The steps for registering an NTLS client are described in this recipe. It is assumed that you are authenticated with the REST API.

 

Step 1: Generate client certificate

Step 2: Create client on SA

Step 3: Add server on client

Step 4: Register a partition

Step 5: Verify

Step 1: Generate client certificate

To generate a certificate, call vtl createCert with the appropriate certificate data.

NOTE   The common name should identify the client you wish to connect, i.e. its IP address or domain name.

Example:
c:\Program Files\SafeNet\LunaClient>vtl createCert -n 172.20.9.171
Private Key created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\172.20.9.171Key.pem
Certificate created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\172.20.9.171.pem
 

Step 2: Create client on SA

To create the client, POST to /api/lunasa/ntls/clients with the client IP, name and certificate.

NOTE   Encode the certificate so that its newlines are maintained, as with the \n sequences in the payload below.

Example:
----------------Request----------------
URL:
POST:/api/lunasa/ntls/clients
Headers:
{'Content-Type': 'application/vnd.safenetinc.lunasa+json;version=3'}
Payload:
{"ip": "172.20.9.171", "clientName": "testClient", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDMKvF<..........>jlQ\nv/VBhn0=\n-----END CERTIFICATE-----"}
----------------Result----------------
Headers:
{'access-control-allow-origin': '*', 'content-type': 'application/json', 'location': '/api/lunasa/ntls/clients/testClient', 'content-length': '23', 'access-control-allow-credentials': 'true'}
Data:
{"client": "testClient"}

 

Step 3: Add server on client

To add the server to a particular client, first download the server certificate: GET /api/lunasa/ntls/certificate and save the content to a file, i.e. server.pem.

Example:
----------------Request----------------
URL:
GET:/api/lunasa/ntls/certificate
Headers:
{'Content-Type': 'application/vnd.safenetinc.lunasa+json;version=3'}
Payload:
{}
----------------Result----------------
Headers:
{'access-control-allow-origin': '*', 'content-type': 'application/json', 'content-length': '1202', 'access-control-allow-credentials': 'true'}
Data:
{"certificate": "-----BEGIN CERTIFICATE-----<..........>-----END CERTIFICATE-----
"}
 

Add the server onto the client by calling vtl addServer with the server hostname (IP in some cases) and the location of the server certificate.

Example:
c:\Program Files\SafeNet\LunaClient>vtl addServer -n 172.20.9.22 -c server.pem
New server 172.20.9.22 successfully added to server list.
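The certificate handling in Steps 2 and 3, as an added example that is not part of the original recipe or of the SafeNet tooling: it builds the Step 2 payload from the PEM file written by vtl createCert (refusing the neighbouring Key.pem) and extracts the Step 3 server certificate with a SHA-256 fingerprint to compare out of band before vtl addServer. The function names and the sample certificate bytes are assumptions made for illustration, and no request is sent.

```python
import base64
import hashlib
import json
import re

# Matches one PEM block and captures its label and base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.+?)\s*-----END \1-----", re.DOTALL)


def pem_to_der(pem_text):
    """Return the DER bytes of the single CERTIFICATE block in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    labels = [label for label, _ in blocks]
    if labels != ["CERTIFICATE"]:
        # Catches <name>Key.pem being picked up instead of <name>.pem.
        raise ValueError(f"expected one CERTIFICATE block, found {labels}")
    return base64.b64decode("".join(blocks[0][1].split()), validate=True)


def build_client_payload(ip, client_name, pem_text):
    """JSON body for POST /api/lunasa/ntls/clients (Step 2)."""
    pem_to_der(pem_text)  # refuse anything that is not a lone certificate
    pem = pem_text.replace("\r\n", "\n").strip()  # Windows CRLF -> LF
    # json.dumps writes each newline as the two characters \n.
    return json.dumps({"ip": ip, "clientName": client_name, "certificate": pem})


def extract_server_cert(response_body):
    """From the Step 3 GET response, return (pem, sha256_fingerprint)."""
    # strict=False accepts raw newlines inside the JSON string.
    pem = json.loads(response_body, strict=False)["certificate"].strip() + "\n"
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest()
    return pem, ":".join(digest[i:i + 2] for i in range(0, 64, 2)).upper()


# Constructed sample: the body is placeholder bytes, not a real certificate.
SAMPLE_DER = bytes(range(60))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
              + "-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    body = build_client_payload("172.20.9.171", "testClient", SAMPLE_PEM)
    print(body)
    reply = json.dumps({"certificate": SAMPLE_PEM})
    pem, fingerprint = extract_server_cert(reply)
    print(fingerprint)  # compare with an independently obtained value
```

Write the returned PEM text to server.pem only after the fingerprint matches.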

 

Step 4: Register a partition

Assuming a partition exists on your appliance, POST to /api/lunasa/ntls/clients/<clientName>/partitions with the partition serial number, where <clientName> is the name of the client you wish to use.

Example:
----------------Request----------------
URL:
POST:/api/lunasa/ntls/clients/testClient/partitions
Headers:
{'Content-Type': 'application/vnd.safenetinc.lunasa+json;version=3'}
Payload:
{"partitionID": "362126088871"}
----------------Result----------------
Headers:
{'access-control-allow-origin': '*', 'content-type': 'application/json', 'location': "/api/lunasa/ntls/clients/testClient/partitions/'P1'", 'content-length': '22', 'access-control-allow-credentials': 'true'}
Data:
{"partitionID": "'P1'"}

 

Step 5: Verify

Call vtl verify and check the slots for the partition.

Example:
c:\Program Files\SafeNet\LunaClient>vtl verify
The following Luna SA Slots/Partitions were found:
Slot Serial # Label
==== ================ =====
0 362126088871 P1