XML-Configuration
The security settings and network settings parameters may also be imported via XML.
Thus, configuration management of multiple HSM can be greatly simplified. It is recommended to keep a copy of the configuration of each HSM, for reference.
Configuration with XML (Export and Import)
Check annotated Reference - Configuration
It is best practice to export the configuration before manually modifying it.
The default file name is <deviceName>.sconfig
. If device attestation is initialized, an archive <deviceName>.sconfig.zip
is created.
The configuration XML file consists of network config, device security config and per user configurations.
Edit the xml configuration file <deviceName>.sconfig
according to your needs.
- Primus X-Series device
- Primus E-Series device
- Export the configuration to USB stick:
SETUP → CONFIGURATION → IMPORT/EXPORT → EXPORT SECURITY CONFIG
- Import the configuration from USB stick (*.sconfig):
SETUP → CONFIGURATION → IMPORT/EXPORT → IMPORT SECURITY CONFIG
- Export the configuration to USB stick:
hsm_sec_export_config [filename]
- Import the configuration from USB stick (*.sconfig):
hsm_sec_import_config
-
If there are multiple *.sconfig files on the USB stick, import via Console will show a file selection of max. 8 files, and import via front panel GUI will fail (file selection not supported).
-
Note that import does not allow to create new user partitions (they must already exist; Stated parameters without value remain unchanged (e.g.
<pkcs_password/>
). -
Missing parameters are reset to factory default (e.g. not having a
<pkcs_password/>
statement deletes the PKCS#11 password). -
In Cloning and HA Cloning, most of the Security settings are cloned from the Master onto the Clone and can therefore not be changed by XML import on the Clone.
-
In case of failure, export the Security Log (see 4.7) and check the file crypto.log for more details.