Activate Cluster
To activate the cluster, do the following:
- SSH into the SignServer instance if not already done so.
- Use the following command to start the AWS CloudHSM cloudhsm_mgmt_util command line tool:CODE
# sudo /opt/cloudhsm/bin/cloudhsm_mgmt_util /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
- Use the
enable_e2e
command to enable end-to-end encryption:CODEaws-cloudhsm> enable_e2e E2E enabled on server 0(server1)
Use the
loginHSM
command to log in to the HSM as the precrypto officer (PRECO) user:CODEaws-cloudhsm> loginHSM PRECO admin password loginHSM success on server 0(server1)
- Use the
changePswd
command to change the precrypto officer (PRECO) user's password:CODEaws-cloudhsm> changePswd PRECO admin <NewPassword> *************************CAUTION******************************** This is a CRITICAL operation, should be done on all nodes in the cluster. Cav server does NOT synchronize these changes with the nodes on which this operation is not executed or failed, please ensure this operation is executed on all nodes in the cluster. **************************************************************** Do you want to continue(y/n)?y Changing password for admin(PRECO) on 1 nodes
- Logout as user PRECO:CODE
aws-cloudhsm> logoutHSM logoutHSM success on server 0
- Use the following syntax to login to the HSM going forward:
loginHSM
<user type>
<user name>
<password>
For example:
CODEaws-cloudhsm> loginHSM CO admin <password>