Appendix
Sample commands with outputs:
Run the script
root@ns# pwd
/var/safenet/config
root@ns# sh safenet_config
Create a certificate
root@ns# cd /var/safenet/safenet/lunaclient/bin
root@ns# ./vtl createCert -n 10.102.59.175
Private Key created and written to: /var/safenet/safenet/lunaclient/cert/client/10.102.59.175Key.pem
Certificate created and written to: /var/safenet/safenet/lunaclient/cert/client/10.102.59.175.pem
Copy the certificate to the HSM
root@ns# scp /var/safenet/safenet/lunaclient/cert/client/10.102.59.175.pem admin@10.217.2.7:
admin@10.217.2.7's password:
10.102.59.175.pem    100%  818    0.8KB/s   00:00
Copy the certificate and key from the HSM to the Citrix ADC appliance
root@ns# scp admin@10.217.2.7:server.pem /var/safenet/safenet/lunaclient/server.2.7.pem
admin@10.217.2.7's password:
server.pem    100% 1164    1.1KB/s   00:01
Connect to the Thales Luna HSM using SSH
ssh admin@10.217.2.7
Connecting to 10.217.2.7:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Thu Jun 23 02:20:29 2016 from 10.252.243.11
Luna SA 5.2.3- Command Line Shell - Copyright (c) 2001-2014 SafeNet, Inc. All rights reserved.
[Safenet1] lunash:>hsm login
Please enter the hsm Administrators' password:
> *******
'hsm login' successful.
Command Result : 0 (Success)
[Safenet1] lunash:>
Register the Citrix ADC on the Thales Luna HSM
[Safenet1] lunash:>client register -client ns175 -ip 10.102.59.175
'client register' successful.
Command Result : 0 (Success)
[Safenet1] lunash:>
Assign the client a partition from the partition list
[Safenet1] lunash:>client assignPartition -client ns175 -partition p2
'client assignPartition' successful.
Command Result : 0 (Success)
[Safenet1] lunash:>
Register the HSM with its certificate on the Citrix ADC
root@ns# ./vtl addserver -n 10.217.2.7 -c /var/safenet/safenet/lunaclient/server.2.7.pem
New server 10.217.2.7 successfully added to server list.
Verify the Network Trust Link (NTL) connectivity between the ADC and the HSM
root@ns# ./vtl verify
The following Luna SA Slots/Partitions were found:
Slot    Serial #            Label
====    ================    =====
   0           477877010    p2
Save the configuration
cp /etc/Chrystoki.conf /var/safenet/config/
Configure automatic start of the gateway daemon at boot time
touch /var/safenet/safenet_is_enrolled
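A post-enrollment check for the NTL verification step above, written as an added example (not Citrix or Thales code): it parses `vtl verify` output and succeeds only when the assigned partition is actually listed. The function names are hypothetical, the sample inputs are constructed from the output shown in this appendix, and single-word partition labels are assumed.

```shell
#!/bin/sh
# Added example. Real use, from the lunaclient bin directory:
#   ./vtl verify | partition_visible p2 || echo "partition p2 not visible" >&2

# partition_visible LABEL
# Reads `vtl verify` output on stdin. Exit status 0 only if a slot row
# carrying LABEL appears below the ==== separator row.
partition_visible() {
    awk -v want="$1" '
        $1 ~ /^=+$/ { in_table = 1; next }      # separator row opens the table
        in_table && NF >= 3 && $1 ~ /^[0-9]+$/ && $NF == want { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the successful output shown in this appendix.
sample_verify_output() {
    cat <<'EOF'
The following Luna SA Slots/Partitions were found:
Slot    Serial #            Label
====    ================    =====
   0           477877010    p2
EOF
}

# Constructed sample: table header present but no slot rows, standing in
# for a client that was registered but never assigned a partition.
sample_empty_output() {
    cat <<'EOF'
Slot    Serial #            Label
====    ================    =====
EOF
}

if sample_verify_output | partition_visible p2; then
    echo "p2 visible over NTL"
fi
if ! sample_empty_output | partition_visible p2; then
    echo "no partition visible: check client register / assignPartition"
fi
```
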