Skip to main content

XML-Configuration

The security settings and network settings parameters may also be imported via XML.
Thus, configuration management of multiple HSM can be greatly simplified. It is recommended to keep a copy of the configuration of each HSM, for reference.


Configuration with XML (Export and Import)

Check annotated Reference - Configuration
It is best practice to export the configuration before manually modifying it.

The default file name is <deviceName>.sconfig. If device attestation is initialized, an archive <deviceName>.sconfig.zip is created.
The configuration XML file consists of network config, device security config and per user configurations.
Edit the xml configuration file <deviceName>.sconfig according to your needs.

  • Export the configuration to USB stick:
    SETUP → CONFIGURATION → IMPORT/EXPORT → EXPORT SECURITY CONFIG
  • Import the configuration from USB stick (*.sconfig):
   SETUP → CONFIGURATION → IMPORT/EXPORT → IMPORT SECURITY CONFIG
multiple *.sconfig
  • If there are multiple *.sconfig files on the USB stick, import via Console will show a file selection of max. 8 files, and import via front panel GUI will fail (file selection not supported).

  • Note that import does not allow to create new user partitions (they must already exist; Stated parameters without value remain unchanged (e.g. <pkcs_password/>).

  • Missing parameters are reset to factory default (e.g. not having a <pkcs_password/> statement deletes the PKCS#11 password).

  • In Cloning and HA Cloning, most of the Security settings are cloned from the Master onto the Clone and can therefore not be changed by XML import on the Clone.

  • In case of failure, export the Security Log (see 4.7) and check the file crypto.log for more details.