This panel displays a list of automatically-discovered tokens that can be used to store certificates and keys. The Certificate System automatically discovers Safenet's LunaSA and nCipher's netHSM hardware security modules (HSM) and returns them on this screen. The discovery process assumes that the client software installations for these modules are local on the same system as the Certificate System subsystem and are in the following locations:
-
LunaSA:
/usr/lunasa/lib/libCryptoki2.so -
nCipher:
/opt/nfast/toolkits/pkcs11/libcknfast.so
Note
Previously, all possible slots had to be logged into before configuration could proceed; in Certificate System 7.3 it is possible to configure the instance while being logged into only one slot.
The LunaSA partitions, the nCipher slots, and the NSS internal software token are provided in this screen.
The internal software token is logged in by default. The password to this database is stored in /var/lib/instance_ID/conf/password.conf.
If an HSM module is selected, the administrator provides the password, and password.conf is updated with this information by default.
The status field in this panel describes the status of the token.
-
Found . The token was discovered by Certificate System and added to
secmod.db. -
Not-Found . The Certificate System was unable to find the supported HSMs.
-
Logged In . The login attempt to the slot was successful.
-
Not Logged In . The subsystem is not logged into the slot yet.
The login button corresponding to the slot brings up a login prompt for the token password.