clientconfig deploy

Creates a Network Trust Link between the client and a Luna Network HSM 7 appliance. This command creates a client Private Key and Certificate, and uses pscp or scp to transfer the client and server certificates to each other.

NOTE   If pscp or scp is blocked by a firewall, this command will fail and the certificates must be transferred by other secure means and registered manually.

Syntax

clientconfig deploy -server <server_IP> -client <client_IP> -partition <partition_name> [-password <password>] [-hsmPassword <HSMSO_password>] [-user <username>] [-regen] [-verbose] [-force]

Argument(s) Shortcut Description
-client <client_IP> -c The client hostname or IP.
-hsmPassword <HSMSO_password> -hsmpw The HSM SO password. This option is required only if HSM SO login enforcement is enabled on Luna Network HSM 7 (see sysconf forceSOLogin).
-force -f Force the action without prompting for confirmation.
-partition <partition_name> -par The name of the partition to be assigned to the client. This partition must be created in advance using LunaSH.
-password <password> -pw The appliance administrator's password. If this option is not included, you will be prompted for the password. Passwords entered at the prompt are hidden.
-regen -rg Including this option will regenerate and replace any current client certificate with the default 2048-bit RSA certificate. This may disrupt connections to other Luna Network HSM 7 servers. If you need your client to use larger RSA keysizes, then generate via the vtl utility instead.
-server <server_IP> -n The server hostname or IP.
-verbose -v Show more detailed logs during the procedure.
-user <username> -ur

The appliance administrator's username.

Default: admin

Example

lunacm:> clientconfig deploy -server 192.20.11.78 -client 192.20.11.129 -partition par1 -password myuserpin2 -user admin
Please wait while we set up the connection to the HSM. This may take several minutes...

Last login: Wed Feb 22 10:06:59 2020 from 192.20.11.129

Luna Network HSM 7.7.0 Command Line Shell - Copyright (c) 2001-2020 SafeNet, Inc. All rights reserved.


Private Key created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\192.20.11.129Key.pem
Certificate created and written to: C:\Program Files\SafeNet\LunaClient\cert\client\192.20.11.129.pem



New server 192.20.11.78 successfully added to server list.



The following Luna Network HSM Slots/Partitions were found:


Slot    Serial #                Label
====    ================        =====
   0       1238700701510        par0
   1        154438865312


Command Result : No Error