Checks the HSM connectivity.
tsactl check hsm [-l <level>] [-p <pin>] [-t <token>] [-v <vendor>]
For example :
$ sudo ./tsactl check hsm
Obtaining loaded secrets and configuration... Done
Starting PKCS #11 Manager... Done
Slot Id -> 0
Label -> pking203
Serial Number -> 1433959427612
Model -> LunaSA 7.2.1
Firmware Version -> 7.0.3
Configuration -> Luna User Partition With SO (PED) Signing With Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
Slot Id -> 1
Label -> pking202
Serial Number -> 1433964084224
Model -> LunaSA 7.2.1
Firmware Version -> 7.0.3
Configuration -> Luna User Partition With SO (PED) Signing With Cloning Mode
Slot Description -> Net Token Slot
FM HW Status -> FM Ready
Current Slot Id: 0
Passing HSM checks... Done
See below for a description of each option.
-l <level>
Debug the nShield HSM with the <level>
level, where <level>
is a CKNFAST_DEBUG
variable level. When not using an nShield HSM, the command ignores this option.
See the nShield documentation for details on the CKNFAST_DEBUG
configuration parameter.
Mandatory: No. This optional parameter defaults to 0.
-p <pin>
Authenticate in the HSM with the <pin>
PIN.
Mandatory: No. When omitting this option, the command looks for the PIN in the application secrets. If not found, prompts the user for the PIN.
-t <token>
Select the HSM token with the <token>
label.
Mandatory: No. When omitting this option, the command uses the value of the Token label configuration parameter.
The command will raise an error if you omit this option and the configuration is not loaded.
-v <vendor>
Check an HSM of the <vendor>
vendor, where <vendor>
is either:
- nshield
- thales
Mandatory : When omitting this option, the command assumes the value of the Vendor configuration parameter and throws an error if not set.