Jan 2017

Quick Start to Safenet SA5 HSMs – Part1

Below is a quick start guide to setting up your Safenet (Luna) SA5 network-attached Hardware Security Modules (HSMs).


Note: The first step is to connect to the HSM over a serial interface using PuTTY (8N1, 115200). The default user/password are ADMIN/PASSWORD.


Configure Luna SA Networking





lunash:> sysconf timezone set US/Central

US/ options: [Alaska, Aleutian, Arizona, Central, Eastern, East-Indiana, Hawaii, Indiana-Starke, Michigan, Mountain, Pacific, Samoa]


lunash:> sysconf time HH:MM YYYYMMDD


lunash:> net show


Displays the network configuration
lunash:> net hostname <hostname>


Sets the hostname for HSM
lunash:> net domain <domainname>


lunash:> net dns add nameserver <ip address>


lunash:> net dns add searchdomain <domain name>


Ex: zionclouds.com
lunash:> net int static -dev eth0 -ip <ip address> -netmask <net mask> -gateway <gw ip>


lunash:> net ping

Test network connectivity to external IP


lunash:> sysconf ntp addserver <hostname or ip address>


lunash:> sysconf ntp enable


lunash:> sysconf ntp status




Generate New HSM Server Certificate





lunash:> sysconf regenCert


Generate HSM Certificate
lunash:> ntls bind eth0


Note: Whenever the HSM IP is changed, make sure to create and bind the HSM certificate again.


lunash:> ntls show


View the status of NTLS, verify it is bound to the eth interface




Initialize HSM and setup policies




*** If using M of N on any of the PED key roles, make sure to first increase the PED timeout values


lunash:> hsm PED timeout show



lunash:> hsm PED timeout set -type pedk -seconds 300



A timeout value of 300 seconds should be enough

lunash:> hsm init -label <HSM Label>

New for SA5: each role can have M of N. Refer to the PED to generate M of N. Note: The Security Officer key set can be changed later on. Domain Admin (red key set) M of N settings cannot be changed later.


lunash:> hsm changePolicy -policy 12 -v 0

Policy 12 controls non-FIPS compliant algorithms


