Community Articles

Find and share helpful community-sourced technical articles.
avatar
Expert Contributor
##install Luna client, 
Unzip Luna client for example under /opt/LUNAHSM
under /opt/LUNAHSM/linux/64/
run 
sh install.sh all
Follow the the instructions below, for the questions asked, please answer as below :
Accept conditions
(y/n) y
Products
Choose Luna Products to be installed
  [1]: Luna SA
  [2]: Luna PCI-E
  [3]: Luna G5
  [4]: Luna Remote Backup HSM
  [N|n]: Next
  [Q|q]: Quit
Enter selection:  1
Products
Choose Luna Products to be installed
*[1]: Luna SA
  [2]: Luna PCI-E
  [3]: Luna G5
  [4]: Luna Remote Backup HSM
  [N|n]: Next
  [Q|q]: Quit
Enter selection:  n
Advanced
Choose Luna Components to be installed
  [1]: Luna Software Development Kit (SDK)
*[2]: Luna JSP (Java)
*[3]: Luna JCProv (Java)
  [B|b]: Back to Products selection
  [I|i]: Install
  [Q|q]: Quit
Enter selection:  i
List of Luna Products to be installed:
- Luna SA
List of Luna Components to be installed:
- Luna JSP (Java)
- Luna JCProv (Java)

... installation complete
<br>#now to swap the certificate : copy SERVER.pem from LUNA server to your KMS server /tmp
cp /tmp/SERVER.pem /usr/safenet/lunaclient/cert/server


#under lunaClient
[root@XXXXX lunaclient]# pwd
/usr/safenet/lunaclient


#get the local IP where the client is installed YY.YY.YY.YY (YY.YY.YY.YY is your local IP)
[root@XXXXX lunaclient]# bin/vtl createCert -n YY.YY.YY.YY
Private Key created and written to: /usr/safenet/lunaclient/cert/client/SERVERkey.pem
Certificate created and written to: /usr/safenet/lunaclient/cert/client/xx.xx.xx.xx.pem
#add a Luna SA Server to the trusted list of servers


[root@XXXXX lunaclient]# bin/vtl addServer -n xx.xx.xx.xx -c /usr/safenet/lunaclient/cert/server/SERVER.pem
New server xx.xx.xx.xx successfully added to server list.


transfer the pem generated to the Luna server.
SWAP COMPLETED.

[root@XXXXX lunaclient]# bin/vtl verify
1,607 Views
0 Kudos