Support Questions

Dalier · ‎10-23-2025

Hello.

I have configured the HSM.

However, testing per Validating Key HSM Settings fails.

Settings
----------

# sudo service keyhsm settings

keyHsm Server Configuration information:
keyhsm.management.address : 127.0.0.1
keyhsm.server.port : 9090
keyhsm.management.port : 9899
keyhsm.service.port : 19791
keyhsm.jvm.heap.mx.gb : 2
keyhsm.hardware : ncipher

Module OCS Password

thales.ocs_password : V6DvCGbrimcD7UPA6QnoOhJb37mFOuoScY30LfWjDwvCybL4E99eT5SKUOcZdu6pq5y66iROKZboNagXzCRxl4x7+N3C3ypKzUJV5UwV3hBjaNS2/qpbyUQD+UUgCoOkm6CxuiOFbOu9CmhnlHBC2UwxqjtnMrtzCR7XMI/Vegm6iZGwR9YWFSeTRRjPkQ/Rhce81hTIqmk7U0+LGHEK+niuARmVt6EG7nmDvZMQufqhOoG2yd4FlYKv2Lv9dDKEKTByv/xoT+/Qh/+Y+8ZbuZHDbEPPzJrq6K848jXhV2wBGTt4RJeKayBzUjwix2LREonTcOctgDf/oJhuIbS2dA==

Status
--------

[root@cloudera-manager ~]# sudo service keyhsm status
Key HSM is running as of Thursday October 23rd, 2025 (10:32 AM), (Started : Thursday October 23rd, 2025 (10:29 AM))

Validation failed
--------------------

What is port 11371?

# curl -k https://localhost:11371/test_hsm
curl: (7) Failed to connect to localhost port 11371: Connection refused

Shouldn’t it be 9090, or 19791?

# curl -k https://localhost:9090/test_hsm
curl: (35) error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

# curl -k https://localhost:19791/test_hsm
curl: (7) Failed to connect to localhost port 19791: Connection refused

I completed Generate TLS Certificates.

Dalier.

Dalier · ‎10-23-2025

Update:

# curl -k -v http://localhost:9090/test_hsm
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 9090 (#0)
> GET /test_hsm HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.61.1
> Accept: */*
>
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 7)
* Closing connection 0

Cloudera Community

Support Questions

Testing HSM connection falied