Slot Management
This section is only displayed in Webconf if an HSM is configured.
Slot Management in Webconf lets you configure the individual slots to suit the given situation.
Depending on how many Users are to access the slots at the various locations, they can be secured accordingly.
The following Actions are available:
Slot Initialization
Log in to the Next Generation Hardware Appliance.
Open the Security page.
Go to the HSM Configuration section.
Scroll down to the Slot Management table.
Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form:
Initialize Slot#X | |
---|---|
General | Authorization PIN Pad: Use the drop-down menu to select the PIN Pad to be used to authenticate the administrator during slot initialization. Description: Enter a description for the Slot (optional). |
Authentication | Enable Automatically generate PIN to automatically generate the PIN for this slot. |
or | Enter and repeat the Slot PIN manually to specify the PIN to be used for logging into the slot. |
Application | Enable Create CryptoWorker in SignServer to automatically create a CryptoWorker in SignServer during the Slot Initialization. |
If the Slot Initialization with Smart Card Activation (SCA) option is not to be used:
Click Initialize Slot to confirm your entries or Cancel to quit the form.
If the Slot Initialization with Smart Card Activation (SCA) option is to be used, continue.
Slot Initialization with Smart Card Activation (SCA)
For Slot Initialization with Smart Card Activation (SCA), simply continue with the next section in the Initialize Slot#X form.
Smart Card Activation | Smart Card Activation Users: Use the drop-down menu to specify how many SCA Users should be created. |
SCA User Mapping | PIN Pad Locations |
Click Initialize Slot to confirm your entries or Cancel to quit the form.
Important: The definition of the Smart Cards in Smart Card Activation affects all Users.
HSM Slot Initialization Process
The HSM Slot Initialization starts.
Actions with the PIN Pad are required to go through this process.
This process is identical, regardless of whether SCA has been activated!
Only additional PIN Pad actions are required for SCA Users.
The Guided Setup dialog for Initialize Slot #x is displayed.
In the dialog a summary of the slot is displayed, showing the Description of the choices made on the slot.
Click Submit to confirm the settings and proceed.
Follow the prompts of the PIN Pad.
The Administration Smart Card and all authenticated User Cards will be needed for PIN Pad interactions.
Applicable if all authenticated User Cards are required:
If Reuse an existing Smart Card is applied, the number x of SCA Users is required
or
If Generate new with x copies is selected, the number of copies x of number x of SCA Users is required.
For a local PIN Pad connection: ensure that the PIN Pad is properly connected to a USB port on the front side of the device.
For a remote PIN Pad connection: make sure that the PPD software for Linux or Windows has been downloaded and installed correctly beforehand.
Make sure that the PIN Pad Smart Cards are within reach.
After completing the Guided Setup, click Finalize to end the process.
SCA is not used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.
SCA is used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.
When SCA is activated for slots in Webconf, working in Application Admin Web requires SCA Authentication with SCA User Cards. A dialog box on the Overview page after Slot Initialization indicates this.
Change Slot PIN
Log in to the Next Generation Hardware Appliance.
Open the Security page.
Go to the HSM Configuration section.
Scroll down to the Slot Management table.
Click Change PIN in the Actions column in the Slot Management table for an initialized slot to open the corresponding form:
General | If a description has been assigned for the selected slot, it will appear automatically. |
Authentication | In order to change the Slot PIN, provide the Current Slot PIN. |
 | For an auto-generated PIN, enable Automatically generate PIN to automatically generate the PIN for this slot. |
or | For manual PIN entry, enter the Slot PIN to specify the PIN to be used for logging into the slot. |
 | For manual PIN entry, repeat the Slot PIN. |
Click Change Slot PIN to confirm your entries or Cancel to quit the form.
Once the process is complete, SignServer will ask to log in to the slot again with the new PIN.
Slot Decommission
Log in to the Next Generation Hardware Appliance.
Open the Security page.
Go to the HSM Configuration section.
Scroll down to the Slot Management table.
Click Decommission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form:
In the sub section Decommission Method
Use the drop-down menu to select the PIN Pad to be used to authorize the administrator card during decommissioning of the slot.
In the sub section Application
Enable Remove CryptoWorker from SignServer if you also want to remove the CryptoWorker for this slot from the SignServer.
Click Decommission Slot to confirm the settings and proceed.
Follow the prompts on the PIN Pad(s).
The Administration Smart Card and all authenticated User Cards will be needed for PIN Pad interactions.
After completing the process, click Finalize to end the Guided Setup.
In the Slot Management table, the slot is displayed as Uninitialized in the Status column and as Disabled in the Smart Card Activation column.
Slot Re-initialization
Log in to the Next Generation Hardware Appliance.
Open the Security page.
Go to the HSM Configuration section.
Scroll down to the Slot Management table.
Click Decommission in the Actions column in the Slot Management table for an initialized Slot to open the corresponding form:
In the sub section Decommission Method
Use the drop-down menu to select the PIN Pad to be used to authorize the administrator card during re-initialization of the slot.
Select: Re-Initialize Slot.
In the sub section General
Optional: Provide a description for the slot.
In the sub section Authentication
Select Automatically generate PIN
or enter and repeat the Slot PIN manually.
In the sub section Smart Card Activation
Use the drop-down menu to select how many SCA Users should be created.
Click Re-Initialize Slot to confirm the settings and proceed.
Follow the prompts on the PIN Pad(s).
The Administration Smart Card and all authenticated User Cards will be needed for PIN Pad interactions.
After completing the process, click Finalize to end the Guided Setup.
SCA is used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.
SCA is not used:
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.
SCA Configuration
In the Slot Management table, the column Smart Card Activation can display Enabled or Disabled for a slot.
Configure SCA function if SCA is Disabled:
Click Configure SCA in the Actions column in the Slot Management table for an Initialized slot to open the corresponding form, Configure Smart Card Activation for Slot #x. The same process as described in Smart Card Activation (SCA) starts.
Configure SCA function if SCA is Enabled:
SCA Settings can be customized here.
In the sub section Smart Card Activation:
Enable: Adjust SCA Settings.
In Smart Card Activation Users, adjust the number of Users and Smart Cards.
If a User is to be removed, select SCA with x SCA Users (where x is one User less than the previous number). SCA is then configured with the reduced number of SCA Users.
The Smart Cards of the remaining Users can be reused or rewritten.
Continue with the Slot Authorization:
Slot PIN: Specify the PIN that should be used to log into the slot.
Authorization PIN Pad: In the drop-down menu, select the PIN Pad that is to be used to authenticate the administrator during the initialization of the slot.
All available PIN Pads are listed.
In the sub section SCA User Mapping:
In the drop-down menu, select which PIN Pad should be used per User.
Click Update to confirm the settings and proceed.
The Guided Setup dialog for Configure SCA for Slot #x is displayed.
The Administration Smart Card and all authenticated User Cards will be needed for PIN Pad interactions.
In the dialog, a summary of all the information you have entered is displayed at the top of the window.
Click Submit to start the configuration.
Follow the prompts on the PIN Pad(s).
After completing the process, click Finalize to end the Guided Setup.
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Enabled in the Smart Card Activation column.
SCA Deactivation
Log in to the Next Generation Hardware Appliance.
Open the Security page.
Go to the HSM Configuration section.
Scroll down to the Slot Management table.
Click Initialize Slot in the Actions column in the Slot Management table to open the corresponding form:
In the sub section Smart Card Activation:
Enable: Adjust SCA Settings.
In Smart Card Activation Users, select No Smart Card Activation from the drop-down menu.
In the sub section Slot Authorization:
Slot PIN: Enter the PIN that should be used to log into the slot.
Authorization PIN Pad: In the drop-down menu, select the PIN Pad that is to be used to authenticate the administrator during the initialization of the slot.
Click Update to start the Guided Setup.
Follow the prompts on the PIN Pad(s).
The Administration Smart Card will be needed for PIN Pad interactions.
After completing the process, click Finalize to end the Guided Setup.
In the Slot Management table, the slot is displayed as Initialized in the Status column and as Disabled in the Smart Card Activation column.