The REST API webserver comes installed on Luna Network HSMs. The appliance admin must first enable the webserver and configure it to accept commands from your web applications. Next, use a combination of REST API resources and Luna HSM Client tools to create an NTLS or STC client connection to a partition on the HSM.
Enabling the Webserver
- Log in to LunaSH on the Luna Network HSM appliance as admin.
- [Optional] Specify a network device for REST API traffic.
lunash:> webserver bind -netdevice <netdevice> [-port <portnum>]
- Generate a certificate for the webserver.
lunash:> webserver certificate generate -keytype rsa
NOTE: It is recommended that you use the RSA algorithm for this cryptographic operation.
- Enable the webserver.
lunash:> webserver enable
The webserver service starts automatically after it is enabled.
- If you plan to issue REST commands via a browser using AJAX calls, set the permitted origin domains for the webserver by specifying a comma-separated list of approved REST API client domains, IPs, or IP/port combinations.
lunash:> webserver origin set -list "<domain/IP_list>"
- [Optional] If required, configure the webserver cipher suite by specifying a colon-separated list of ciphers (or all to enable all available ciphers).
lunash:> webserver ciphers set -list <cipher_list>
- Restart the webserver service.
lunash:> service restart webserver
NOTE: The restart performs synchronization to remove discrepancies between REST API and LunaSH users/roles.
- [Optional] Check the REST API status on the appliance.
lunash:> webserver show
You can now issue REST API commands to the Luna Network HSM. See HSM and Partition Setup to continue setting up the HSM and partitions.
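A pre-flight check for the origin and cipher lists before they are typed into LunaSH, as an added example that is not part of the Luna documentation or tooling. It accepts only the entry kinds named above (domains, IPs, IP/port combinations) and emits the `webserver origin set`, `webserver ciphers set` and `service restart webserver` lines from this page. Assumptions: the function names are hypothetical, cipher names are taken to be OpenSSL-style, the weak-cipher markers are not exhaustive, and allowing a port only after an IPv4 address is this example's own policy.

```python
import ipaddress
import re

# Assumption: OpenSSL-style cipher names; the page does not list the appliance's ciphers.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "MD5", "DES", "ANON", "ADH")
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})*")

def check_origin(entry):
    """Return None for a domain, IP or IP:port entry, else the reason it is rejected."""
    if not entry or any(ch.isspace() for ch in entry):
        return "empty entry or whitespace"
    if "*" in entry or "/" in entry:
        return "wildcards, schemes and paths are not list entries"
    try:
        ipaddress.ip_address(entry)  # bare IPv4 or IPv6 address
        return None
    except ValueError:
        pass
    if ":" in entry:  # example policy: a port may only follow an IPv4 address
        host, _, port = entry.rpartition(":")
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            return "port given without an IPv4 address"
        ok = re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535
        return None if ok else "port must be 1-65535"
    numeric_tld = entry.rsplit(".", 1)[-1].isdigit()  # e.g. a malformed IP like 999.1.1.1
    if len(entry) <= 253 and HOSTNAME.fullmatch(entry) and not numeric_tld:
        return None
    return "not a valid domain name"

def build_commands(origins, ciphers):
    """Return (LunaSH command lines, problems); no commands if anything is rejected."""
    problems = [f"origin {o!r}: {why}" for o in origins if (why := check_origin(o))]
    for c in ciphers:
        if c.lower() == "all":
            problems.append("cipher 'all': enables every available cipher")
        elif not re.fullmatch(r"[A-Za-z0-9_-]+", c):
            problems.append(f"cipher {c!r}: unexpected characters")
        elif any(m in c.upper() for m in WEAK_MARKERS):
            problems.append(f"cipher {c!r}: weak-algorithm marker")
    if problems:
        return [], problems
    cmds = []
    if origins:  # only needed for browser AJAX clients
        cmds.append('webserver origin set -list "' + ",".join(origins) + '"')
    if ciphers:  # optional step
        cmds.append("webserver ciphers set -list " + ":".join(ciphers))
    return cmds + ["service restart webserver"], []
```

Passing empty lists skips the corresponding optional step and leaves only the restart line.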