Task 5: Configuring the Client System to Access the HSM

To establish a connection with the HSM from the client system, perform the following steps.

Note:
  • You must configure each client individually to use the nShield Connect.

  • Before attempting client configuration, you must first obtain the following information from the nShield Connect front panel:

    • ESN (Electronic Serial Number)

    • HSM IP address

    • Hash of the KNETI key (nCipher integrity key)

The ESN and the hash of the KNETI key can also be read with the nCipher anonkneti utility in <installdir>\nCipher\nfast\bin\. From this directory, enter the following command:

anonkneti <netHSM IP>
Note: If necessary, in the following commands and examples, replace C:\Program Files with your nCipher installation directory.
  1. On the client system, open a DOS command prompt window, and enter the following command:

    C:\Program Files\nCipher\nfast\bin>nethsmenroll --force -p <netHSM IP> <netHSM ESN> <netHSM KNETI HASH>
  2. Important: You must enter two (2) dashes (--) with the force option as shown in the following example:
      C:\Program Files\nCipher\nfast\bin> nethsmenroll --force -p 192.168.5.100 683E-33D9-2AF5 95a316146da7d9feb1fb0258746baed9990776c7
  3. Enable the TCP socket for Java and KeySafe by entering the following command:

    C:\Program Files\nCipher\nfast\bin>config-serverstartup -sp
  4. Stop the hardServer on the client by entering the following command:

    C:\Program Files\nCipher\nfast\bin>net stop "nfast server"
    Note: The hardServer is the nCipher software that controls communication between the hardware and the applications running on the client system. “nfast server” represents the name of the server.
  5. Restart the hardServer by entering the following command:

    C:\Program Files\nCipher\nfast\bin>net start "nfast server"
  6. Verify that you can launch the KeySafe utility.

    Note: Repeat the previous steps for each client system with which you intend to connect to the HSM.
  7. Confirm that the HSM and Client connection is working by opening a DOS command prompt window and entering the following command:

    C:\Program Files\nCipher\nfast\bin>enquiry

In response to the enquiry request, the Connection Status for the module must return an OK response to indicate there has been a successful installation. If any errors occur, please see the nCipher technical documentation for details and more information.
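
Added example, not part of the nCipher documentation: a Python check that compares the ESN and KNETI hash reported by anonkneti with the values read from the nShield Connect front panel, and builds the step 1 nethsmenroll command only when both match, so that a value fetched over the network is not trusted on its own. It assumes anonkneti prints a single line of the form "<ESN> <hash>"; the function names and the sample output (built from the example values on this page) are constructed for illustration.

```python
import re

# Formats inferred from the example values on this page (an assumption):
# ESN as three groups of four hex digits, KNETI hash as 40 hex digits.
ESN_RE = re.compile(r"[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}")
HASH_RE = re.compile(r"[0-9a-f]{40}")


def parse_anonkneti(output):
    """Return (esn, kneti_hash) parsed from anonkneti output.

    Assumption: the utility prints one line, '<ESN> <hash>'.
    """
    fields = output.split()
    if len(fields) != 2:
        raise ValueError("expected '<ESN> <hash>', got %r" % output)
    esn, kneti_hash = fields[0].upper(), fields[1].lower()
    if not ESN_RE.fullmatch(esn) or not HASH_RE.fullmatch(kneti_hash):
        raise ValueError("malformed ESN or KNETI hash in %r" % output)
    return esn, kneti_hash


def enroll_command(hsm_ip, anonkneti_output, panel_esn, panel_hash):
    """Build the step 1 command only if the network-reported values match
    the ones read from the nShield Connect front panel."""
    esn, kneti_hash = parse_anonkneti(anonkneti_output)
    if esn != panel_esn.strip().upper():
        raise ValueError("ESN mismatch: network reports %s" % esn)
    if kneti_hash != panel_hash.strip().lower():
        raise ValueError("KNETI hash mismatch: do not enroll this HSM")
    # Same argument order as the nethsmenroll example in step 2.
    return ["nethsmenroll", "--force", "-p", hsm_ip, esn, kneti_hash]


if __name__ == "__main__":
    # Constructed sample: assumed anonkneti output for the page's example HSM.
    sample = "683E-33D9-2AF5 95a316146da7d9feb1fb0258746baed9990776c7\n"
    cmd = enroll_command("192.168.5.100", sample, "683E-33D9-2AF5",
                         "95a316146da7d9feb1fb0258746baed9990776c7")
    print(" ".join(cmd))
```

A mismatch raises ValueError before any enrollment command is produced; the returned list can be passed to subprocess.run from the nCipher bin directory.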