Skip to main content
Skip table of contents

Slot Management

This section is only displayed in Webconf if an HSM is configured.

Webconf offers the possibility to configure the individual slots according to the given situation via the Slot Management.
Depending on how many Users are to access the slots at the various locations, they can be secured accordingly.
The following Actions are available:

Slot Initialization

  • Log in to the Next Generation Hardware Appliance.

  • Open the Security page.

  • Go to the HSM Configuration section.

  • Scroll down to the Slot Management table.

  • Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form:

Initialize Slot #x

General

Authorization PIN Pad: Use the drop-down menu to select the PIN pad to be used to authenticate the administrator during slot initialization.

Description: Enter a description for the Slot (optional).

Authentication

Enable Automatically generate PIN to automatically generate the PIN for this slot.

or

Enter and repeat the Slot PIN manually to specify the PIN to be used for logging into the slot.
(This option is hidden as soon as the function Automatically generate PIN is enabled.)

Application

Enabling Create CryptoToken in EJBCA to automatically create a CryptoToken in EJBCA during the Slot Initialization.

If the Slot Initialization with Smart Card Activation (SCA) option is not to be used:

  • Click Initialize Slot to confirm your entries or Cancel to quit the form.

  • If the Slot Initialization with Smart Card Activation (SCA) option is to be used, continue.

Slot Initialization with Smart Card Activation (SCA)

For Slot Initialization with Smart Card Activation (SCA), simply continue with the next section in the Initialize Slot #x form.

Smart Card Activation

Smart Card Activation Users: Use the drop down menu to specify how many SCA Users should be created.
Up to five Users can be selected. (e.g. 3 SCA Users Required)
Smart Cards: Use the drop down menu to specify if to
- reuse existing Smart Cards
- generate new Smart Cards with amount of copies (e.g. Generate new with 2 copies).

SCA User Mapping

PIN Pad Locations
The SCA Users are listed. Use the drop down menu behind the single User to select which PIN pad should be used.

Click Initialize Slot to confirm your entries or Cancel to quit the form.

Important: The definition of the Smart Cards in Smart Card Activation affects all users.

HSM Slot Initialization Process

The HSM Slot Initialization starts.
PIN pad interaction is required.
Follow the prompts shown on the PIN pad display.

This process is identical, regardless of whether SCA has been activated!
Only additional PIN pad actions are required for SCA Users.

The Guided Setup dialog for Initialize Slot #x is displayed.
In the dialog a summary of the slot is displayed, showing the Description of the choices made on the slot. This modal dialog guides you through the rest of the process.

Click Submit to confirm the settings and proceed.

Follow the prompts of the PIN pad.
The Administration Smart Card and all authenticated User Cards will be needed for PIN pad interactions.

Applicable if all authenticated User Cards are required:
If Reuse an existing Smart Card is applied, the number x of SCA User is required.
or
If Generate new with x copies is selected, the number of copies x of number x of SCA Users is required.

  • For a local PIN pad connection: ensure that the PIN pad is properly connected to a USB port on the front side of the device.

  • For a remote PIN pad connection: ensure that the PPD software for Linux or Windows has been downloaded and installed correctly beforehand.

  • Make sure that the PIN Pad Smart Cards are within reach.

After completing the Guided Setup, click Finalize to end the process.

SCA is not used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.

SCA is used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.

To be able to work in Application Admin Web, the activation of SCA for slots in Webconf would require SCA Authentication with SCA User Cards. A dialog box on the Overview page after Slot Initialization indicates this.

HSM Slot successfully initialized

The last modal dialog shows the automatically generated PIN if this function has been enabled.
This PIN is only displayed once at this point. Make sure you save it.
Click Close to exit the dialog.

Change PIN for Slot

  • Log in to the Next Generation Hardware Appliance.

  • Open the Security page.

  • Go to the HSM Configuration section.

  • Scroll down to the Slot Management table.

  • Click Change PIN in the Actions column in the Slot Management table for an initialized slot to open the corresponding form:

Change PIN for Slot #x

General

Description

If a description has been assigned for the selected slot, it will appear automatically.

Authentication

Current Slot PIN

In order to change the Slot PIN, provide the Current Slot PIN.

For auto-generated PIN enable Automatically generate PIN to automatically generate the PIN for this slot.

or

For manually PIN entry, enter the Slot PIN to specify the PIN to be used for logging into the slot.

For manually PIN entry, repeat the Slot PIN.

  • Click Change Slot PIN to confirm your entries or Cancel to quit the form.

Once the process is complete, EJBCA will ask to log in to the slot again with the new PIN.

Slot Decommission

  • Log in to the Next Generation Hardware Appliance.

  • Open the Security page.

  • Go to the HSM Configuration section.

  • Scroll down to the Slot Management table.

  • Click Decommission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form:

Decommission Slot #x

Decommission Method

Authorization PIN Pad

Use the drop-down menu to select the PIN pad to be used to authorize the administrator card during decommissioning of the slot.

Do not enable Re-Initialize Slot.

Application

Enable Remove CryptoToken from EJBCA if you also want to remove the CryptoToken for this slot from the EJBCA.

  • Click Decommission Slot to confirm the settings and proceed.
    PIN pad interaction is required.
    Follow the prompts shown on the PIN pad display.
    The Administration Smart Card will be needed for PIN pad interactions.

  • After completing the process, click Finalize to end the Guided Setup.

In the Slot Management table, the slot is displayed as Uninitialized in the Status column and as Disabled in the Smart Card Activation column.

Decommissioning a slot with deactivated SCA is the same process as decommissioning a slot with activated SCA.

Slot Re-initialization

  • Log in to the Next Generation Hardware Appliance.

  • Open the Security page.

  • Go to the HSM Configuration section.

  • Scroll down to the Slot Management table.

  • Click Decommission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form:

Decommission Slot #x

Decommission Method

Authorization PIN Pad

Use the drop-down menu to select the PIN pad to be used to authorize the administrator card during re-initialization of the slot.

Enable Re-Initialize Slot.

General

Description

If a description has been assigned for the selected slot, it will appear automatically.

Authentication

Current Slot PIN

In order to change the Slot PIN, provide the Current Slot PIN.

For auto-generated PIN enable Automatically generate PIN to automatically generate the PIN for this slot.

or

For manually PIN entry, enter the Slot PIN to specify the PIN to be used for logging into the slot.

Smart Card Activation

Use the drop-down menu to select how many SCA Users should be created.

  • Click Re-Initialize Slot to confirm the settings and proceed.
    Follow the prompts on the PIN pad(s).
    The Administration Smart Card and all authenticated User Cards will be needed for PIN pad interactions.

  • After completing the process, click Finalize to end the Guided Setup.

SCA is used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.

SCA is not used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.

SCA Configuration

In the Slot Management table, the column Smart Card Activation can display Enabled or Disabled for a slot.

  • Configure SCA function if SCA is Disabled:
    If you click Configure SCA in the Actions column in the Slot Management table for an Initialized slot to open the corresponding form: Configure Smart Card Activation for Slot #x the same process described in: Smart Card Activation (SCA) starts.

  • Configure SCA function if SCA is Enabled:
    SCA Settings can be customized here.

  • In the sub section Smart Card Activation:
    Enable: Adjust SCA Settings.

  • In Smart Card Activation Users adjust the amount of Users and Smart Cards.

If a User is to be removed, select SCA with x SCA Users (where x is one User less than the previous number). SCA is then configured with the reduced number of SCA Users.
The Smart Cards of the remaining Users can be reused or rewritten.

  • Continue with the Slot Authorization:
    Slot PIN: Specify the PIN that should be used to log into the slot.
    Authorization PIN Pad: In the drop-down menu, select the PIN pad that is to be used to authenticate the administrator during the initialization of the slot.
    All available PIN pads are listed.

  • In the sub section SCA User Mapping:
    In the drop-down menu, select which PIN pad should be used per User.

  • Click Update to confirm the settings and proceed.

  • The Guided Setup dialog for Configure SCA for Slot #x is displayed.
    The Administration Smart Card and all authenticated User Cards will be needed for PIN pad interactions.
    In the dialog, a summary of all the information you have entered is displayed at the top of the window.

  • Click Submit to start the configuration.
    Follow the prompts on the PIN pad(s).

  • After completing the process, click Finalize to end the Guided Setup.


In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.

SCA Deactivation

  • Log in to the Next Generation Hardware Appliance.

  • Open the Security page.

  • Go to the HSM Configuration section.

  • Scroll down to the Slot Management table.

  • Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form:

  • In the sub section Smart Card Activation:
    Enable: Adjust SCA Settings.

  • In Smart Card Activation Users select No Smart Card Activation from the drop down menu.

  • In the sub section Slot Authorization:
    Slot PIN: Enter the PIN that should be used to log into the slot.
    Authorization PIN Pad: In the drop-down menu, select the PIN pad that is to be used to authenticate the administrator during the initialization of the slot.

  • Click Update to start the Guided Setup.

  • Follow the prompts on the PIN pad(s).
    The Administration Smart Card will be needed for PIN pad interactions.

  • After completing the process, click Finalize to end the Guided Setup.


In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close