Skip to main content
Skip table of contents

Slot Management for Luna S790

This section is only displayed in webconf if an HSM is configured.
As soon as the HSM has been successfully configured, a new table with ten slots is displayed on the Security page in webconf.

  1. Log in to the Next Generation Hardware Appliance.

  2. Open the Security page.

  3. Go to the HSM Configuration section.

  4. Scroll down to the Slot Management table.

  5. Ten Slots are available.

As long as no slots have been initiated, they appear in the table as follows:

#

Description

Status

Active

Action

Not Available

Uninitialized

Inactive

button to Initialize Slot

Webconf offers the option to cancel/abort the process at various points during initialization.

Slot Initialization

  • Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form. 

General

Description

Enter a description for the Slot (optional).

Authentication

Enable Automatically generate PIN to automatically generate the PIN for this slot.

or Slot PIN

Enter and repeat the Slot PIN manually to specify the PIN to be used for logging into the slot.

Application

Enable Create CryptoToken in EJBCA to automatically create a CryptoToken in EJBCA during the Slot Initialization.

Remote PED

  • If this option is activated, the remote PED is used.

  • If the checkbox is not selected, the PED must be connected directly to the HSM on the backside of the appliance.

  • Click Initialize Slot to confirm your entries or Cancel to quit the form.

  • The HSM Slot Initialization starts. A series of steps with different queries for the different PED Keys must be run through.

  • Click Finalize to finish the initialization.

  • After the slot has been initialized, it will appear in the table as follows:

#

Description

Status

Active

Action

0

Database Protection Token

Initialized

Active

  • Deactivate

  • Backup Slot (grayed out)

1

Description set for the Slot

Initialized

Active

  • Decommission

  • Backup Slot (grayed out)

  • Deactivate

  • Change PIN

Slot Decommission

  • Click Decomission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form: Decommission Slot #x

Decommission Method

Do not select Re-initialize Slot.

Application

Enable Create CryptoToken in EJBCA to automatically remove the CryptoToken in EJBCA during the Slot Decommissioning.

  • Click Decommission Slot to finalize.

Re-initialize Slot

  • Click Decomission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form: Decommission Slot #x

Decommission Method

Select Re-initialize Slot if the to slot is to be reinitialized.

Additional fields appear in the form.

General

Description

Type a description/name for this slot.

Authentication

  • Enable Automatically generate PIN to automatically generate the PIN for this slot.

  • Or enter and repeat the Slot PIN manually to specify the PIN to be used for logging into the slot.

Application

  • Enable Create CryptoToken in EJBCA to automatically create a CryptoToken in EJBCA during the Slot Initialization.

Application

  • Enable Create CryptoWorker in SignServer to automatically create a CryptoWorker in SignServer during the Slot Initialization.

  • Click Decommission Slot to finalize.

Deactivate Slot

  • Click Deactivate in the Actions column in the Slot Management table for an initialized Slot to deactivate the slot.

  • A pop-up window asks for confirmation. This action means that the application can no longer access this slot until it is reactivated.

  • Click Confirm Action to proceed and end the process.

Activate Slot

  • After a slot has been deactivated, Activate now appears in the Action column to undo the process.

  • Click Activate to open the Activate Slot window.

  • Provide the Slot PIN.

  • Check Use Remote PED if applicable.

  • Click Next Step.

  • The window Activate Slot-Summary opens.

For a remote PED connection, ensure that the PED server and client are properly configured.

Make sure the labeled PED Keys are within reach.

  • Continue the steps until the Activate Slot process is done.

  • Click Finalize to finish the process.

Change Slot PIN

  • Click Change PIN in the Actions column in the Slot Management table for an initialized and active slot to change the PIN the slot.

  • The the corresponding form opens.

  • Provide the Current Slot PIN.

  • Again there are the options to

    • Automatically generate PIN, or to

    • enter and repeat the Slot PIN manually.

  • Click Change Slot PIN to proceed and end the process.

???? Remote PED

  • If this option is activated, the remote PED is used. If the checkbox is not selected, the PED must be connected directly to the HSM on the backside of the appliance.

  • Click Decommission Slot to continue.

  • The HSM Slot decommission opens.

For a remote PED connection, ensure that the PED server and client are properly configured.

Make sure the labeled PED Keys are within reach.

  • A series of steps with different queries for the different PED Keys must be run through.

  • Click Finalize to finish the decommission.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close