@rzamana
Last active Jul 11, 2020
# Create the private key of a self-issued CA: 2048-bit RSA, written to
# customerCA.key encrypted with AES-256 under a passphrase openssl prompts for.
# The cluster certificate signed below is issued under this key, so the key
# file and its passphrase need storage and backup controls to match.
openssl genrsa -aes256 -out customerCA.key 2048
# Self-sign the CA certificate; -days 3652 makes it valid for roughly ten years.
# NOTE(review): no digest option is given here or on the x509 call below, so the
# signature hash is whatever this OpenSSL build defaults to; adding -sha256
# would pin it.
openssl req -new -x509 -days 3652 -key customerCA.key -out customerCA.crt
# Open the CSR file in an editor - presumably to paste in the cluster's CSR
# obtained from AWS. Confirm it is the expected CSR before signing it.
nano <cluster_id>_ClusterCsr.csr
# Sign the cluster CSR with the CA key (openssl prompts for the CA passphrase).
# -CAcreateserial creates the CA serial-number file if it does not exist yet.
# The resulting certificate is also valid for 3652 days.
openssl x509 -req -days 3652 -in <cluster_id>_ClusterCsr.csr \
-CA customerCA.crt \
-CAkey customerCA.key \
-CAcreateserial \
-out <cluster_id>_CustomerHsmCertificate.crt
# Download the CloudHSM client package for EL7 over HTTPS.
# NOTE(review): the URL points at "latest", so the installed version is not
# pinned, and nothing on this page checks the package's signature or checksum
# before it is installed as root in the next step.
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
# Install the downloaded RPM from the current directory.
sudo yum install -y ./cloudhsm-client-latest.el7.x86_64.rpm
# Place the CA certificate where the client looks for its trust anchor.
# Copy only the certificate; customerCA.key does not belong on the client host.
# NOTE(review): unlike the neighbouring commands this one has no sudo; it will
# fail if /opt/cloudhsm/etc is writable only by root - confirm.
cp customerCA.crt /opt/cloudhsm/etc/customerCA.crt
# Point the client configuration at the address given as <cluster_IP>.
sudo /opt/cloudhsm/bin/configure -a <cluster_IP>
# Start the CloudHSM management utility with its config file. Everything from
# enable_e2e down to quit is typed at the utility's own prompt, not in the shell.
#   enable_e2e  - presumably sets up end-to-end encrypted communication with
#                 the HSM before any credentials are sent; confirm in AWS docs.
#   loginHSM PRECO admin password
#               - logs in as user "admin" of type PRECO with the literal
#                 password "password" (presumably the initial default).
#   changePswd  - replaces that password; pick a strong, unique value for
#                 <NewPassword>. The later CO login uses "acloudguru", which
#                 suggests that was the value chosen in the author's run.
#   second loginHSM PRECO admin password
#               - NOTE(review): repeats the pre-change credentials after the
#                 password change; unclear from this page whether it is
#                 expected to succeed or is left over from the session.
#   createUser CU ryan acloudguru
#               - creates crypto user "ryan" with the same sample password as
#                 the CO account; use distinct secrets per account.
#   listUsers   - run after each change to verify the resulting user table.
# Passwords are given as plain arguments here, so they are echoed on screen and
# can end up in terminal scrollback or session logs. The utility documents a
# hidden-password option (-hpswd); check that your client version supports it.
/opt/cloudhsm/bin/cloudhsm_mgmt_util /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
enable_e2e
listUsers
loginHSM PRECO admin password
changePswd PRECO admin <NewPassword>
listUsers
loginHSM PRECO admin password
logoutHSM
loginHSM CO admin acloudguru
createUser CU ryan acloudguru
listUsers
logoutHSM
quit
# Start the CloudHSM client service before using the key management utility.
sudo service cloudhsm-client start
# Start the key management utility. Everything from loginHSM down to exit is
# typed at the utility's own prompt, not in the shell.
#   loginHSM -u CU -s ryan -p acloudguru
#               - logs in as crypto user "ryan"; the password is a visible
#                 argument and a sample value - replace it, and prefer a
#                 hidden-password prompt if the client version offers one.
#   genSymKey -t 31 -s 32 -l aes256
#               - generates a symmetric key labelled "aes256"; -s 32 is
#                 presumably the size in bytes (256-bit) and -t 31 the AES key
#                 type - confirm against the key_mgmt_util reference.
#   genRSAKeyPair -m 2048 -e 65537 -l rsa2048
#               - generates an RSA key pair labelled "rsa2048" with a 2048-bit
#                 modulus and public exponent 65537.
#   genSymKey -t 31 -s 16 -sess -l export-wrapping-key
#               - generates a 16-byte key used as <wrapping_key> below; -sess
#                 presumably makes it a session-only key. Note that it is
#                 shorter than the 32-byte key it is used to wrap.
#   exSymKey / exportPrivateKey
#               - NOTE(review): AWS documents both commands as writing the
#                 unwrapped (plaintext) key to the -out file; the wrapping key
#                 only protects the key on its way out of the HSM. Confirm for
#                 your client version, and treat aes256.key.exp and
#                 rsa2048.key.exp as secret key material: restrictive file
#                 permissions, no shared directories, removal when done.
#   exportPubKey -k 22
#               - NOTE(review): 22 is a literal key handle from the author's
#                 session, whereas the other commands use placeholders; use
#                 the public key handle printed by genRSAKeyPair instead.
/opt/cloudhsm/bin/key_mgmt_util
loginHSM -u CU -s ryan -p acloudguru
genSymKey -t 31 -s 32 -l aes256
genRSAKeyPair -m 2048 -e 65537 -l rsa2048
genSymKey -t 31 -s 16 -sess -l export-wrapping-key
exSymKey -k <symetric_key> -out aes256.key.exp -w <wrapping_key>
exportPrivateKey -k <private_key> -out rsa2048.key.exp -w <wrapping_key>
exportPubKey -k 22 -out rsa2048.pub.exp
logoutHSM
exit