Slot Management for Luna S790

1. Log in to the Next Generation Hardware Appliance.

2. Open the Security page.

3. Go to the HSM Configuration section.

4. Scroll down to the Slot Management table.

5. Ten Slots are available.

As long as no slots have been initiated, they appear in the table as follows:

Webconf offers the option to cancel/abort the process at various points during initialization.

Slot Initialization

• Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form. 

• Click Initialize Slot to confirm your entries or Cancel to quit the form.

• The HSM Slot Initialization starts. A series of steps with different queries for the different PED Keys must be run through.

• Click Finalize to finish the initialization.

• After the slot has been initialized, it will appear in the table as follows:

Slot Decommission

• Click Decomission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form:

Decommission Method

• Select Re-initialize Slot if the to slot is to be reinitialized instead of decommissioned.

• If so, a field opens to add a description to the slot.

Authentication

• Enable Automatically generate PIN to automatically generate the PIN for this slot.

• Or enter and repeat the Slot PIN manually to specify the PIN to be used for logging into the slot.

Application

• Enable Create CryptoToken in EJBCA to automatically create a CryptoToken in EJBCA during the Slot Initialization.

• Enable Create CryptoWorker in SignServer to automatically create a CryptoWorker in SignServer during the Slot Initialization.

Remote PED

• If this option is activated, the remote PED is used. If the checkbox is not selected, the PED must be connected directly to the HSM on the backside of the appliance.

• Click Decommission Slot to continue.

• The HSM Slot decommission opens.

For a remote PED connection, ensure that the PED server and client are properly configured.

Make sure the labeled PED Keys are within reach.

• A series of steps with different queries for the different PED Keys must be run through.

• Click Finalize to finish the decommission.

Deactivate Slot

• Click Deactivate in the Actions column in the Slot Management table for an initialized Slot to deactivate the slot.

• A pop-up window asks for confirmation. This action means that the application can no longer access this slot until it is reactivated.

• Click Confirm Action to proceed and end the process.

Activate Slot

• After a slot has been deactivated, Activate now appears in the Action column to undo the process.

• Click Activate to open the Activate Slot window.

• Provide the Slot PIN.

• Check Use Remote PED if applicable.

• Click Next Step.

• The window Activate Slot-Summary opens.

For a remote PED connection, ensure that the PED server and client are properly configured.

Make sure the labeled PED Keys are within reach.

• Continue the steps until the Activate Slot process is done.

• Click Finalize to finish the process.

Change Slot PIN

• Click Change PIN in the Actions column in the Slot Management table for an initialized and active slot to change the PIN the slot.

• The the corresponding form opens.

• Provide the Current Slot PIN.

• Again there are the options to

  • Automatically generate PIN, or to

  • enter and repeat the Slot PIN manually.

• Click Change Slot PIN to proceed and end the process.