Troubleshooting Network HSMs

Using the ‘hsm show’ Configuration Command

To gather the most current configuration information (appliance details, HSM details, partition details, and FIPS Federal Information Processing Standard 140-2 status), run the following command:

Copy

[ade_luna_sa] lunash:>hsm show
 
   Appliance Details:
   ==================
   Software Version:                4.3.2-21
 
   HSM Details:
   ============
   HSM Label:                       ade_luna_sa     
   Serial #:                        950217
   Firmware:                        4.6.1
   Hardware Model:                  Luna K5
   Authentication Method:           PED keys
   
   HSM Admin login status:          Logged In
   HSM Admin login attempts left:   3 before HSM zeroization!
   MofN activation status:          M of N not used
 
   Partitions created on HSM:
   ==========================
   Partition: 902514001,     Name: ade_partition
  
      FIPS 140-2 Operation:
   =====================
   The HSM is NOT in FIPS 140-2 approved operation mode.
   Command Result: 0 (Success)

Generating an HSM Log File

You can generate an HSM log file that contains the current support information using the ctp utility. The file can be shared with either the HID Global or Thales / Thales TCT Support staff. Use the following sample as a guide:

Copy

[cmslunasa] lunash:>hsm -su
'hsm supportInfo' successful.
Use 'ctp' from a client machine to get file named:
supportInfo.txt
Command Result: 0 (Success)