Skip to main content
Skip table of contents

Activate Cluster - SDK3

To activate the cluster, do the following:

  1. SSH into the SignServer instance if not already done so.

  2. Use the following command to start the AWS CloudHSM cloudhsm_mgmt_util command line tool:
    CODE 
    # sudo /opt/cloudhsm/bin/cloudhsm_mgmt_util /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
    If you get a connection timed out, the security group has not been added to the instance.  If you get "E2E failed: unable to establish ssl connection" this is because there is no customerCA.crt (or its an incorrect file) in /opt/cloudhsm/etc.
  3. Use the enable_e2e command to enable end-to-end encryption:
    CODE 
    aws-cloudhsm> enable_e2e
E2E enabled on server 0(server1)


  4. Use the loginHSM command to log in to the HSM as the precrypto officer (PRECO) user:

    CODE 
    aws-cloudhsm> loginHSM PRECO admin password
loginHSM success on server 0(server1)
  5. Use the changePswd command to change the precrypto officer (PRECO) user's password:
    CODE 
    aws-cloudhsm> changePswd PRECO admin <NewPassword>
*************************CAUTION********************************
This is a CRITICAL operation, should be done on all nodes in the
cluster. Cav server does NOT synchronize these changes with the
nodes on which this operation is not executed or failed, please
ensure this operation is executed on all nodes in the cluster.
****************************************************************
 
Do you want to continue(y/n)?y
Changing password for admin(PRECO) on 1 nodes
  6. Logout as user PRECO:
    CODE 
    aws-cloudhsm> logoutHSM
logoutHSM success on server 0
  7. Use the following syntax to login to the HSM going forward:
    loginHSM <user type> <user name> <password>

    For example:

    CODE 
    aws-cloudhsm> loginHSM CO admin <password>


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close