Red Hat CERTIFICATE SYSTEM 8 Install Manual page 28

Chapter 2. Prerequisites Before Installing Certificate System
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=../img/safenet.png
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
#selected token
preop.module.token=Internal Key Storage Token
In addition, the following parameter is set in the password.conf for the HSM password:
hardware-nethsm=caPassword
2.5.2.2. Using Chrysalis LunaSA HSM
To make sure that a LunaSA HSM works with Certificate System, edit the configuration files for the
HSM before configuring the subsystems:
1. Check that the LunaSA module has been properly installed:
modutil -dbdir /var/lib/subsystem_name/alias -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. lunasa
library name: /usr/lunasa/lib/libCryptoki2_64.so
slots: 1 slot attached
status: loaded
slot: LunaNet Slot
token: lunasa3-ca
If the LunaSA module isn't listed, then install the module manually:
a. Stop the subsystem.
service subsystem_name stop
b. Load the module.
modutil -dbdir /var/lib/subsystem_name/alias -nocertdb -add lunasa -libfile /usr/
lunasa/lib/libCryptoki2_64.so
c. Verify that the module has been loaded.
modutil -dbdir /var/lib/subsystem_name/alias -list
d. Start the subsystem.
18