apps hsm-group

Use the apps hsm-group command to configure an HSM group.

The apps hsm-group command has the following syntax:

apps hsm-group <alias <alias>>

comm <comment>
fetch key-handler <URL for HSM group key handler file>
hsm-alias

add <HSM alias>

delete <HSM alias>

 

The following table describes the arguments for the apps hsm-group command:

Argument

Description

alias <alias>

Specifies an alias of the HSM group.

For example:

(config) # apps hsm-group alias hsm-set

Note:  Only one HSM group can be configured.

comment <comment>

Adds a comment to an HSM group. Comments can be up to 128 characters. Comments longer than one word must be enclosed in double quotation marks.

For example:

(config) # apps hsm-group alias hsm-set comment "HSM group1"

fetch key-handler <URL for HSM group key handler file>

Fetches an HSM group key handler. These are nCipher World and Module binary files. They can be fetched from nCipher HSM RFS.

A World file is a metadata file used by the nCipher client. One World file is needed for an HSM group. One Module file is required for each HSM in a group. So if there are two HSMs in the group, you need to fetch one World file and two Module files.

Examples:

(config) # apps hsm-group alias hsm-set fetch key-handler http://10.115.0.100/tftpboot/temp/hsm/world

(config) # apps hsm-group alias hsm-set fetch key-handler http://10.115.0.100/tftpboot/temp/hsm/module_12EE-4B24-2FCE

(config) # apps hsm-group alias hsm-set fetch key-handler http://10.115.0.100/tftpboot/temp/hsm/module_FBC5-F777-2A93

hsm-alias
   add <HSM alias>
   delete <HSM alias>

Specifies the HSM alias to add or delete as follows:

add—Adds an HSM to an HSM group. Multiple HSMs can be added to a group. Multiple HSMs might be needed for load balancing, failover, or redundancy.
delete—Deletes an HSM from an HSM group.

Examples:

(config) # apps hsm-group alias hsm-set hsm-alias add hsm1

(config) # apps hsm-group alias hsm-set hsm-alias add hsm2

(config) # apps hsm-group alias hsm-set hsm-alias delete hsm1

Related Commands

The following table summarizes other commands related to the apps hsm-group command:

Task

Command

Displays the ESN for a given IP address.

# show apps hsm-group anonkneti

Displays enquiry data from the module.

# show apps hsm-group enquiry

Displays the result of a hardserver connection attempt.

# show apps hsm-group chkserv

Displays PKCS11 information.

# show apps hsm-group ckinfo

Displays HSM key information.

# show apps hsm-group key

Displays Security World information.

# show apps hsm-group world

Displays Security World configuration information.

# show apps hsm-group config

Displays Security World module information.

# show apps hsm-group module

Displays SSL session statistics.

# show apps hsm-group session-stats

Displays HSM buffer statistics.

# show apps hsm-group buffer-stats

Displays all statistics.

# show apps hsm-group all

Displays operational status.

# show apps hsm-group status

Deletes a specified HSM group.

(config) # no apps hsm-group alias hsm-set

Deletes all HSM groups.

(config) # no apps hsm-group all