Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
      - Create Express Route connection
      - Create a Virtual Network
      - Create a Virtual Network Gateway
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
      - Install Smart Card Reader Driver
      - Check Your Proxy Configuration
      - Additional Steps for the First Time Users
        
        Install the Extension Component
        
        Enable the Extension Component
        
        Install the Local Application Component
      - Configure the Smart Card Reader
    - Steps to Commission payShield Manager
      - Create a new Security Domain
      - Load / Install the Security Domain
      - Create Left and Right Remote Access Control key cards
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
      - p2pe key generate
      - p2pe key list
      - p2pe key delete
      - p2pe key export
    - p2pe service
      - p2pe service init
      - p2pe service changePwd
    - p2pe tls
      - p2pe tls init
      - p2pe tls requestcertificate
      - p2pe tls selfsigncertificate
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

p2pe tls init

Command to initialize TLS Configuration and create a new TLS key pair. The p2pe tls init command creates a key pair and then generates tls certificates and a certificate signing request using that key pair. Re-running the p2pe tls init command overwrites the existing key pair.

On Windows operating systems execute the command from an Administrator Command Prompt. Right-click the Command Prompt and select Run as Administrator.

Linux


p2pe tls init [flags]

Windows


p2pe.exe tls init [flags]

Flags	Description
`[--client]`	Path to directory containing extracted service client. (Default `.`)
`[--days]`	Certificate validity period. (Default 365)
`--dns`	Commas separated DNS names as SubjectAltName(s).
`[--force]`	Force an operation, if specified `yes` is assumed in all prompts.
`[--keySize]`	RSA Key Modulus bits. Minimum `2048`, maximum `8192`. (Default `2048`)
`[--out]`	Output directory to write the TLS configuration and certificate files. (Default `.`) If omitted, PEM encoded CSR is dumped to stdout. Certificate options include PEM and DER.
`[--password]`	Password for the service.
`--subject`	Subject DN input in OpenSSL style. Example: /CN=example/C=IN/
`--help`	Help for the command.

Tip

We do not recommend using a keySize larger than 2048. Larger key sizes can impact HSM performance.

Linux Example


p2pe tls init --days 365 --dns 0.0.0.0 --subject /CN=localhost/C=IN/ --keySize 2048 --password Welcome@123 --client ~/<path_to_p2pe_service_client>

Windows Example


p2pe.exe p2pe tls init --days 365 --dns 0.0.0.0 --subject /CN=localhost/C=IN/ --keySize 2048 --password Welcome@123 --client ~/<path_to_p2pe_service_client>

Command returns


Successfully initialized TLS Configuration
Output files [dir: '.']:
 - tls.pem
 - tls_req.pem
 - tls.json

Suggest A Change

p2pe tls init

On this page