|Resolution||When using a Safenet HSM, the DPM configuration file will contain those two parameters:|
If you have a Luna SA4, use
If you have a Luna SA5, use
Then specify the slot number to use:
Using the Safenet command "vtl verify", this will show you all available slots. Example, if you have configured the Safenet client with two HSMs, that command will show two slots (1 and 2) with their own slot "serial number". Then if HA is configured using Safenet's commands (please refer to Safenet documentation here), the command "vtl verify" will still show you only slot 1 and slot 2 as the "vtl verify" command only shows physical slots. You should then turn on HA, which will cause the command "vtl verify" to then show only one slot (slot 1) but that slot serial number will be the HA slot. You should use this virtual slot number in keyManagerServer.properties.
To view the HA slot, you can use the Safenet command "cmu list"
If HAOnly=1 is set in Chrystoki.conf, then the API will only present one slot which is the HA slot (Vtl verify still showing 2 slots)
If HAOnly=0 then the API will present all slots (1, 2 and 3) (vtl verify still showing 2 slots)
The ultimate recommendation is to set “provider.slot=1” and to have “HAOnly=1” at all times.
- Configure Safenet HA: you will see all standard slots plus the virtual slot
- Turn on Safenet HA: standard slots will disapear, leaving only the virtual slot visible
- Use this slot number for "provider.slot" in keyManagerServer.properties