Troubleshooting

This page summarises some common problems when getting started with CloudHSM, and ways to solve them.

Make sure that you have read and followed the setup instructions, including the detailed instructions of the API provider you are using.

CloudHSM Connectivity Issues

Check the Status Page to see if CloudHSM is experiencing any issues.
Ensure your network layer and firewall settings allow traffic on required the endpoints, protocols, and ports (see the CloudHSM Connectivity Details).
Verify your API Provider is configured with correct connectivity parameters.
Use ping <service-url> and telnet <service-url> <service-api-provider-port> to check network layer connectivity. If ping or telnet fails, consult your network administrator about firewall issues.
Ensure your source IP has not changed and matches the IP allowlisting.

Renewing Credentials

If credentials (such as the setup password) are expired, or you require new credentials (for example, to set up an additional machine), open a ticket on the Securosys Support Portal and request new credentials. This may incur a cost.

Provider Troubleshooting

Please see the provider-specific troubleshooting sections. Also take another look at the provider-specific samples, to ensure that you are using the provider correctly.

PKCS#11 Provider

Check out the PKCS#11-Provider troubleshooting section.

JCE Provider

Check out the JCE-Provider troubleshooting section.

MSCNG Provider

Check out the MSCNG-Provider troubleshooting section.

REST API / TSB

Follow the samples of the REST API to ensure correct request bodies.

If the issue persists

If the issue persists, please open a support ticket on our Support Portal.

I don't receive some emails

Please check your spam folder.

Implications When Master HSM is Unreachable

In a High Availability Primus HSM Cluster, if the master HSM becomes unreachable, the following behaviour applies:

Possible Crypto Operations:

Key creation: creating keys on clones (if master in not available)
Key Usage: (e.g., sign, verify, encrypt, decrypt operations)
Key Store enumeration

Not Possible:

Keystore modifications: (e.g., delete key, change password)

API Behavior When Master Is Down:

If an Keystore Modification operation is attempted during maintenance or if the master is disconnected, the HSM API responds with:

Error Code	Error Description	Description
0x80000065	ERR_MASTER_NOT_REACHABLE	API Command execution failed because master is not reachable
0x80000066	ERR_HA_REQUEST_TIMEOUT	API Command execution failed because master is not responding

Rest-API
JCE
PKCS#11

{
  "errorCode": 701,
  "reason": "res.error.in.hsm",
  "message": "HSM error: status: MasterNotReachable; for key TESTKEY2025-05-06_19-39-44.70784067305833"
}

More information about specific endpoints that are not supported when the master is unreachable can be found here.

HSM error: status: MasterNotReachable; for key TESTKEY2025-05-06_19-39-44.70784067305833"

  error: PKCS11 function C_DestroyObject() failed: rv = unknown PKCS11 error (0x80000065)

Get started withCloudHSM for free.

Need help?Contact Support.

Other questions?Ask Sales.

CloudHSM Connectivity Issues​

Renewing Credentials​

Provider Troubleshooting​