Skip to main content
Skip table of contents

Restoring HSM Backup to New Instance

Follow the steps to restore an HSM from a backup to a new instance:

  1. Click on CloudHSM in the Services section of the AWS Console and find the existing cluster for the HSM you want to restore. AWS CloudHSM is only billing if there is an HSM in the active cluster.

  2. Select the link to the cluster that contains the HSM material to restore.

  3. Click Create HSM and step through the wizard to create a new cluster by selecting the Subnet/AZ for the HSM.

  4. Once completed, AWS takes some time to create the HSM. During this time, the state is Create in progress.

  5. Once complete, the HSM state will be active. Click the refresh button

    to refresh the status.

  6. Ensure the appropriate security group for the HSM created is assigned to the SignServer Enterprise Cloud Instance. For more information, see Assigning the Security Group to the SignServer Instance.

  7. SSH into your SignServer instance with your SSH key using the following command syntax:

    CODE 
    # ssh -i ~/Documents/my-ssh.pem ec2-user@ec2-my-public-ec2-ip.compute-1.amazonaws.com

  8. Ensure that the certificate that is used to authenticate with the CloudHSM resides at:

    CODE 
    # /opt/cloudhsm/etc/customerCA.crt

  9. Stop the CloudHSM client using one of the following commands:

    CODE 
    # sudo stop cloudhsm-client
or
# sudo service cloudhsm-client stop

  10. Configure the CloudHSM client with the following command replacing 172.16.2.37 with the IP address of your HSMCluster:

    CODE 
    # sudo /opt/cloudhsm/bin/configure -a 172.16.2.37

  11. Copy any public key certificates used with SignServer in the past to the following directory (SignServer will not be able to read any keys in CloudHSM without the matching public certificate that was created with it):

    CODE 
    # /opt/signserver/.liquidsec/

  12. Start the CloudHSM client with the following command:

    CODE 
    # sudo start cloudhsm-client
or
# sudo service cloudhsm-client start

  13. Update the cloudhsm_mgmt_util Configuration File

    CODE 
    # sudo /opt/cloudhsm/bin/configure -m

  14. Start cloudhsm_mgmt_util to ensure you can connect to the HSM

    CODE 
    # /opt/cloudhsm/bin/cloudhsm_mgmt_util /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg

  15. Restart Wildfly with the following command:

    CODE 
    # sudo systemctl restart wildfly
or
# sudo service wildfly restart

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close