Manage Gateway Thales nShield HSM Status Menu
The Manage Gateway Thales nShield HSM status menu is used to configure your Thales nShield Solo+ hardware security module.
(1) Not all menu options apply to the nShield Connect. (2) Advanced users may wish to program their nShield Solo+ directly, as this offers greater configurability than using the menu options.
Menu Options
Access the menu from: Gateway main menu > option 6 (Manage HSM) > option 1 (Manage Gateway Thales nShield HSM status).

This menu allows you to configure the Thales nShield Hardware Security Module on the CA API Gateway Appliance

What would you like to do?
1) Manage Gateway Thales nShield HSM status
2) Create new security world
3) Program into existing security world
4) Use manually-programmed security world
X) Exit menu
Please make a selection:
Option | Description |
1) Manage Gateway Thales nShield HSM status | Enables or disables the Gateway's use of the nShield HSM. Note the following: |
2) Create new security world | Initializes the nShield card and creates a new security world cardset. Choose this option if there is no existing security world with which to program the card. If there is, use option 3 (Program into existing security world) instead. For detailed information on using this option, see "Create a New Security World Using the Gateway" in Configure the nShield Solo+. You cannot use option 2 to create a security world for the nShield Connect appliance; you must create the security world manually. For more information, see Configure the nShield Connect. Advanced users can program a new security world directly into the nShield module, without using this menu option. This is described under "Manually Programmed Security Worlds" in Configure the nShield Solo+. |
3) Program into existing security world | Programs the nShield card into an existing security world. You need at least two cards from the security world's cardset, along with their passphrases. For detailed information on using this option, see "Program Into an Existing Security World Created Using the Gateway" under Configure the nShield Solo+. You cannot use option 3 to program into an existing security world for the nShield Connect appliance; you must program the security world manually. For more information, see Configure the nShield Connect. Advanced users can program into an existing security world manually, without using this menu option. This is described under "Manually Programmed Security Worlds" in Configure the nShield Solo+. |
4) Use manually-programmed security world | Directs the Gateway to use a security world that has been manually programmed using one of the setup options under "Manually Programmed Security Worlds" in Configure the nShield Solo+. The Gateway checks the status of the security world in the database and takes the following actions:
You may be prompted to choose a keystore ID. See "Choosing a Gateway Keystore" below for details. |
Choosing a Gateway Keystore
When enabling Thales nShield support with a manually programmed security world (option 4), you may be prompted to choose a keystore ID to be used by the CA API Gateway as the "Thales nShield HSM" keystore. This occurs if the database does not yet contain a designated keystore ID and more than one keystore ID is present on the local node.

More than one keystore ID is present on the local node.
Please choose a keystore ID for the Gateway to use as its "Thales nShield HSM" keystore:
0b77a92f68c4568d059da676279673fd2abf7562 (contains 1 object)
67422c431301bcac9f256e6ada4a23d92ff2133b (contains 0 objects)
9a9307c169fc94240b7b1b1f61319763e5fe7510 (contains 3 objects)
Enter the first few unique digits of the keystore ID to use that keystore ID with the Gateway.
Enter "list" to see a list of available IDs.
Enter "list " followed by a keystore ID to attempt to list its contents (assumes module-protection).
Choice (list|<ID>|list <ID>):
Respond with one of the following:
- Enter list to redisplay the list of available keystore IDs.
- Enter list <ID> to view the contents of a particular keystore ID (see below for details).
- Enter the <ID> of a keystore to select it. You do not need to enter the entire ID; the first few unique characters suffice.
Using the "list <ID>" command
You can inspect the contents of a particular keystore by entering "list" followed by the first few unique characters of the keystore ID. Listing contents assumes the keys are module-protected; for example:

Enter the first few unique digits of the keystore ID to use that keystore ID with the Gateway.
Enter "list" to see a list of available IDs.
Enter "list " followed by a keystore ID to attempt to list its contents (assumes module-protection).
Choice (list|<ID>|list <ID>): list 9a9
Keystore ID 9a9307c169fc94240b7b1b1f61319763e5fe7510 contains 3 entries:
ssl, 2048 bit RSA, CN=l7tech.example.com
acme, 1024 bit RSA, CN=acme
warehouse, 2048 bit RSA, CN=global
After inspecting the keystore, you can either enter its ID to select it, or use the list command to redisplay the list of available keystore IDs or inspect another keystore.
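The prompt above resolves whatever you type as a prefix of a keystore ID, which is why "the first few unique digits" are enough. The following Python model of that prompt is an added example and is not code from the CA API Gateway: it implements the three inputs (list, <ID>, list <ID>), resolves a prefix to exactly one keystore, and refuses an empty or ambiguous prefix instead of silently picking the first match, since selecting the wrong keystore would point the Gateway at the wrong private keys. The keystore IDs and the entries of the third keystore are copied from the transcript above; the Keystore data structure and the placeholder entry for the first keystore are this example's own assumptions (the page reports only its object count).

```python
from dataclasses import dataclass, field


class AmbiguousKeystoreID(ValueError):
    """Raised when a prefix matches more than one keystore ID."""


@dataclass
class Keystore:
    keystore_id: str                                   # hex ID as the prompt prints it
    entries: list[str] = field(default_factory=list)   # "alias, key type, subject"


# Constructed sample data copied from the prompt transcript on this page.
# The entry of the first keystore is a placeholder: the page gives only
# its object count (1), not its contents.
KEYSTORES = [
    Keystore("0b77a92f68c4568d059da676279673fd2abf7562",
             ["placeholder, 2048 bit RSA, CN=placeholder"]),
    Keystore("67422c431301bcac9f256e6ada4a23d92ff2133b", []),
    Keystore("9a9307c169fc94240b7b1b1f61319763e5fe7510", [
        "ssl, 2048 bit RSA, CN=l7tech.example.com",
        "acme, 1024 bit RSA, CN=acme",
        "warehouse, 2048 bit RSA, CN=global",
    ]),
]


def resolve_keystore(prefix: str, keystores=KEYSTORES) -> Keystore:
    """Return the single keystore whose ID starts with `prefix`.

    Empty, non-hex, unknown and ambiguous prefixes all raise, so the
    caller can never end up with a keystore the operator did not intend.
    """
    prefix = prefix.strip().lower()
    if not prefix or any(c not in "0123456789abcdef" for c in prefix):
        raise ValueError(f"keystore ID prefix must be non-empty hex, got {prefix!r}")
    matches = [ks for ks in keystores if ks.keystore_id.startswith(prefix)]
    if not matches:
        raise ValueError(f"no keystore ID starts with {prefix!r}")
    if len(matches) > 1:
        raise AmbiguousKeystoreID(
            f"{prefix!r} matches {len(matches)} keystore IDs: "
            + ", ".join(ks.keystore_id for ks in matches))
    return matches[0]


def handle_choice(choice: str, keystores=KEYSTORES):
    """Interpret one line typed at the Choice (list|<ID>|list <ID>) prompt.

    Returns ("list", None), ("show", keystore) or ("select", keystore).
    """
    words = choice.strip().split()
    if not words:
        raise ValueError("empty input")
    if words[0].lower() == "list":
        if len(words) == 1:
            return ("list", None)                                   # redisplay IDs
        if len(words) == 2:
            return ("show", resolve_keystore(words[1], keystores))  # list <ID>
        raise ValueError("usage: list | list <ID> | <ID>")
    if len(words) != 1:
        raise ValueError("usage: list | list <ID> | <ID>")
    return ("select", resolve_keystore(words[0], keystores))        # <ID>


def format_listing(ks: Keystore) -> str:
    """Render a keystore the way the prompt does after `list <ID>`."""
    n = len(ks.entries)
    head = f"Keystore ID {ks.keystore_id} contains {n} entr{'y' if n == 1 else 'ies'}:"
    return "\n".join([head, *ks.entries])


def minimal_unique_prefixes(keystores=KEYSTORES) -> dict[str, str]:
    """Shortest prefix that identifies each keystore ID among the others."""
    result = {}
    for ks in keystores:
        others = [o.keystore_id for o in keystores if o is not ks]
        for n in range(1, len(ks.keystore_id) + 1):
            p = ks.keystore_id[:n]
            if not any(o.startswith(p) for o in others):
                result[ks.keystore_id] = p
                break
    return result


if __name__ == "__main__":
    action, ks = handle_choice("list 9a9")
    print(action)
    print(format_listing(ks))
    print(minimal_unique_prefixes())
```

With the three IDs from the transcript, a single character is already unique, but two IDs that share a leading run of digits would make a short prefix ambiguous; minimal_unique_prefixes shows how much you actually have to type, and resolve_keystore raises rather than guessing.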