When to Restart NTLS

Here are the situations where NTLS needs restarting.

NOTE: All client connections must be stopped before you restart NTLS.

>When you regenerate the server certificate (the interface prompts you to restart NTLS after regenerating the server cert)

>If you delete Partitions

>If you change binding settings (lunash:> ntls bind)

In all other circumstances, NTLS should remain running. If there are problems with clients connecting to the Luna Network HSM 7 appliance, other methods of debugging should be attempted before restarting NTLS.

Examples are:

>Confirming the fingerprint of the client certificate and the server certificate at both the client and the server (the Luna Network HSM 7 appliance).

>Verifying that the client is registered and has at least one Partition assigned to it.
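A worked example of the first check above, added here and not taken from the Luna documentation: compute the SHA-256 fingerprint of a PEM certificate with openssl and compare the copy of the server certificate held on the client with the one actually installed on the appliance (the same routine applies to the client certificate registered on the appliance). The self-signed certificates it generates are constructed stand-ins for real certificates; `make_demo_cert`, `cert_fingerprint` and `fingerprints_match` are helper functions assumed for this example, not lunash commands.

```shell
# Added example (not from the Luna documentation): SHA-256 certificate
# fingerprint comparison with the openssl CLI, run on the client against
# the server certificate fetched from the appliance and against the
# client's own certificate before any NTLS restart is considered.
# Assumptions: PEM-encoded certificates and an openssl CLI on the client.

# Print the SHA-256 fingerprint of a PEM certificate as upper-case,
# colon-separated hex, so that output from different openssl versions
# ("SHA256 Fingerprint=" vs "sha256 Fingerprint=") compares equal.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 \
        | sed 's/^.*=//' \
        | tr 'a-f' 'A-F'
}

# Return 0 when two certificate files carry the same fingerprint,
# 1 when they differ, 2 when either file cannot be parsed.
fingerprints_match() {
    a=$(cert_fingerprint "$1") || return 2
    b=$(cert_fingerprint "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed test data: a throwaway self-signed certificate standing in
# for a real client or server certificate (hypothetical helper).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "${1%.pem}.key" -out "$1" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/server.pem" "demo-appliance"
cp "$demo_dir/server.pem" "$demo_dir/server-on-client.pem"   # faithful copy
make_demo_cert "$demo_dir/stale.pem" "demo-appliance"        # regenerated cert

echo "appliance : $(cert_fingerprint "$demo_dir/server.pem")"
echo "client    : $(cert_fingerprint "$demo_dir/server-on-client.pem")"
if fingerprints_match "$demo_dir/server.pem" "$demo_dir/server-on-client.pem"; then
    echo "fingerprints match: the client holds the current server certificate"
fi
if ! fingerprints_match "$demo_dir/server.pem" "$demo_dir/stale.pem"; then
    echo "fingerprints differ: the client holds a stale server certificate"
fi
rm -rf "$demo_dir"
```

A mismatch between the two copies means the client is presenting or trusting the wrong certificate, which is a registration or distribution problem to fix on the client side; it is not, by itself, a reason to restart NTLS.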

Impact of the service restart ntls Command

If you perform lunash:> service restart ntls on a live (production) Luna appliance, any active sessions are lost. That is, HSM Partitions remain active, but Clients need to re-connect and re-authenticate.

As a general rule, an NTLS restart is required immediately after a server certificate regeneration on a Luna appliance. This occurs under the following circumstances only:

>As part of original installation and setup.

>If you have reason to suspect that the Luna appliance's server certificate (private key) has been compromised.

In the former case, there is no impact. In the latter case, the brief disruption of active Clients would be overshadowed by the seriousness of the compromise.