Step 6: Install an HSM client for Linux

Last Updated: Mar 12, 2021

Before you can manage and use your HSM instance from a Linux operating system, you must install an HSM client for Linux.

Install the HSM client and command line tools

Connect to your ECS instance. Then, download and install the HSM client and command line tools.

OS: CentOS 8

Commands:

  1. Download the following RPM package for the HSM client: hsm-client-v2.03.15.10-1.x86_64.rpm.

  2. Run the following command to install the RPM package:

    sudo yum install -y ./hsm-client-v2.03.15.10-1.x86_64.rpm

If the installation is successful, the program and configuration files are installed in the /opt/hsm/ directory. If you require software support for other operating systems, submit a ticket or contact technical support by using DingTalk. For more information, see Contact us.

Edit the client configuration

Before you can use the HSM client to connect to your instance, you must edit the client configuration.

To edit the client configuration, perform the following steps:

  1. Open the configuration file /opt/hsm/etc/hsm_mgmt_tool.cfg and change the values of the name and hostname parameters to the IP address of your HSM instance. In this example, the name and hostname parameters are set to 172.16.0.2, which is the IP address configured for your HSM instance in Configure an IP address for HSM.

    {
        "servers": [
        {
            "name" : "172.16.0.2",
            "hostname" : "172.16.0.2",
            "port" : 2225,
            "certificate": "/opt/hsm/etc/client.crt",
            "pkey": "/opt/hsm/etc/client.key",
            "CAfile": "",
            "CApath": "/opt/hsm/etc/certs",
            "ssl_ciphers": "",
            "server_ssl" : "yes",
            "enable"    : "yes",
            "owner_cert_path":"/opt/hsm/etc/customerCA.crt"
        }],

        "scard": {
            "enable": "no",
            "port": 2225,
            "ssl": "no",
            "ssl_ciphers": "",
            "certificate": "cert-sc",
            "pkey": "pkey-sc"
        }
    }

  2. Open the configuration file /opt/hsm/etc/hsm_proxy.cfg and change the value of the hostname parameter to the IP address of your HSM instance. In this example, the hostname parameter is set to 172.16.0.2, which is the IP address configured for your HSM instance in Configure an IP address for HSM.

    {
    
        "ssl": {
            "certificate": "/opt/hsm/etc/client.crt",
            "pkey": "/opt/hsm/etc/client.key",
            "CApath": "/opt/hsm/etc/certs",
            "server_ssl": "yes",
            "server_ch_ssl_ciphers": "default"
        },
    
        "client": {
            "socket_type" : "UNIXSOCKET",
            "tcp_port" : 1111,
            "zoneid" : 0,
            "workers" : 1,
            "daemon_id" : 1,
            "reconnect_attempts": -1,
            "reconnect_interval": 30,
            "log_level": "INFO",
            "sslreneg": 0,
            "CriticalAlertScript": "",
            "e2e_owner_crt_path" : "/opt/hsm/etc/customerCA.crt",
            "create_object_minimum_nodes" : 1,
            "logfiles_location" : ""
        },
    
        "loadbalance" : {
            "enable" : "yes",
            "prefer_same_zone": "no",
            "success_rate_weight" : 1,
            "relative_idleness_weight" : 1
        },
    
        "dualfactor": {
            "enable" : "no",
            "port" : 2225,
            "certificate" : "certificate.crt",
            "pkey" : "pkey.pem",
            "dualfactor_ssl": "yes",
            "dualfactor_ch_ssl_ciphers": "default"
        },
    
        "server": {
            "hostname": "172.16.0.2",
            "port": 2224
        }
    }
    
  3. Go to Step 7: Initialize the cluster.
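After editing both files, a quick consistency check catches a missed edit before you initialize the cluster. The following Python script is an added example, not part of the HSM client or this documentation: it compares the keys shown above against the values used in this example, and the function name and sample inputs are constructed for illustration. It assumes the files parse as strict JSON.

```python
import json

def check_hsm_client_config(mgmt_text, proxy_text, hsm_ip):
    """Return a list of findings; an empty list means both files agree."""
    try:
        mgmt, proxy = json.loads(mgmt_text), json.loads(proxy_text)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON: {exc.msg} (line {exc.lineno})"]
    findings = []
    # hsm_mgmt_tool.cfg: every enabled server entry must point at the HSM IP.
    servers = [s for s in mgmt.get("servers", []) if s.get("enable") == "yes"]
    if not servers:
        findings.append("hsm_mgmt_tool.cfg: no enabled entry in servers")
    for s in servers:
        for key in ("name", "hostname"):
            if s.get(key) != hsm_ip:
                findings.append(
                    f"hsm_mgmt_tool.cfg: {key}={s.get(key)!r}, expected {hsm_ip!r}")
        if s.get("server_ssl") != "yes":
            findings.append("hsm_mgmt_tool.cfg: server_ssl is not 'yes'")
        if not s.get("owner_cert_path"):
            findings.append("hsm_mgmt_tool.cfg: owner_cert_path is empty")
    # hsm_proxy.cfg: same address, and the TLS-related keys left as shipped.
    host = proxy.get("server", {}).get("hostname")
    if host != hsm_ip:
        findings.append(
            f"hsm_proxy.cfg: server.hostname={host!r}, expected {hsm_ip!r}")
    if proxy.get("ssl", {}).get("server_ssl") != "yes":
        findings.append("hsm_proxy.cfg: ssl.server_ssl is not 'yes'")
    if not proxy.get("client", {}).get("e2e_owner_crt_path"):
        findings.append("hsm_proxy.cfg: client.e2e_owner_crt_path is empty")
    return findings

# Constructed sample input: trimmed copies of the two files, with the proxy
# file still pointing at a different address (a missed edit).
SAMPLE_MGMT = """{"servers": [{"name": "172.16.0.2", "hostname": "172.16.0.2",
  "port": 2225, "server_ssl": "yes", "enable": "yes",
  "owner_cert_path": "/opt/hsm/etc/customerCA.crt"}]}"""
SAMPLE_PROXY = """{"ssl": {"server_ssl": "yes"},
  "client": {"e2e_owner_crt_path": "/opt/hsm/etc/customerCA.crt"},
  "server": {"hostname": "172.16.0.9", "port": 2224}}"""

if __name__ == "__main__":
    for finding in check_hsm_client_config(SAMPLE_MGMT, SAMPLE_PROXY, "172.16.0.2"):
        print(finding)
```

To run it against a real installation, pass the contents of /opt/hsm/etc/hsm_mgmt_tool.cfg and /opt/hsm/etc/hsm_proxy.cfg together with the IP address of your HSM instance.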