REST API for Luna Network HSMs
Webserver Setup

The REST API webserver comes installed on Luna Network HSMs. The appliance admin must first enable the webserver and configure it to accept commands from your web applications. Next, use a combination of REST API resources and Luna HSM Client tools to create an NTLS or STC client connection to a partition on the HSM.

Enabling the Webserver

  1. Log in to LunaSH on the Luna Network HSM appliance as admin.
  2. [Optional] Specify a network device for REST API traffic.
    lunash:> webserver bind -netdevice <netdevice> [-port <portnum>]
  3. Generate a certificate for the webserver.
    lunash:> webserver certificate generate -keytype rsa
    NOTE: It is recommended that you use the RSA algorithm for this cryptographic operation.
  4. Enable the webserver.
    lunash:> webserver enable
    The webserver service starts automatically after it is enabled.
  5. If you plan to issue REST commands via a browser using AJAX calls, set the permitted origin domains for the webserver by specifying a comma-separated list of approved REST API client domains, IPs, or IP/port combinations.
    lunash:> webserver origin set -list "<domain/IP_list>"
  6. [Optional] If required, configure the webserver cipher suite by specifying a colon-separated list of ciphers (or all to enable all available ciphers).
    lunash:> webserver ciphers set -list <cipher_list>
  7. Restart the webserver service.
    lunash:> service restart webserver
    NOTE: It will perform synchronzation to remove discrepancies between REST API and LunaSH users/roles.
  8. [Optional] Check the REST API status on the appliance.
    lunash:> webserver show

You can now issue REST API commands to the Luna Network HSM. See HSM and Partition Setup to continue setting up the HSM and partitions.