  1. For any changes to the HSM-related configuration in an existing setup, such as adding or removing an HSM, or creating an HA setup, copy ‘/etc/Chrystoki.conf’ to ‘/var/safenet/config’.

  2. After adding, removing, or restarting an HSM, you must restart the ‘/var/safenet/gateway/safenet_gw’ binary. If you don’t restart the gateway binary, the HSM will not serve any traffic after it is added back or after it restarts.

  3. To reboot or stop the current ‘/var/safenet/gateway/safenet_gw’ binary, use one of the following commands:

    kill -SIGTERM <PID>
    kill -SIGINT <PID>

    Important! Do not use kill -9 <PID> or kill -6 <PID>.

  4. Before removing an existing HSM from the ADC, first remove from the ADC all the keys and certificate-key pairs that are associated with that HSM. You can’t delete these files from the ADC after you remove the HSM.

  5. On a standalone NetScaler appliance, Thales Luna HSMs in HA are supported for Luna version 6.2 and later.

  6. EXPORT ciphers are not supported.

  7. Update certificate-key pair operation is not supported.

  8. When you generate an HSM key on a third-party tool, the private and public key names must be the same. When you add the HSM key on the appliance, provide this name as the key name.

  9. The # character is not supported in a key name or a partition password.

  10. Cluster and admin partitions are not supported.
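
Steps 1 and 3 above as a shell sketch, added here as an example and not taken from the product documentation. The function names, the overridable CONF_SRC/CONF_DIR variables and the 30-second default timeout are assumptions; starting the gateway again is not shown because the page does not give the start command.

```shell
#!/bin/sh
# Added example. Paths default to the ones named in the steps above;
# function names and the timeout value are assumptions.
CONF_SRC="${CONF_SRC:-/etc/Chrystoki.conf}"
CONF_DIR="${CONF_DIR:-/var/safenet/config}"

# Step 1: copy the changed client configuration into the gateway's
# config directory and confirm the copy is byte-identical.
sync_hsm_config() {
    [ -r "$CONF_SRC" ] || { echo "cannot read $CONF_SRC" >&2; return 1; }
    [ -d "$CONF_DIR" ] || { echo "missing directory $CONF_DIR" >&2; return 1; }
    cp -p "$CONF_SRC" "$CONF_DIR/" || return 1
    cmp -s "$CONF_SRC" "$CONF_DIR/$(basename "$CONF_SRC")"
}

# Step 3: stop the gateway with SIGTERM only and wait for it to exit.
# Returns 0 once the PID is gone, 1 if it is still alive after the
# timeout, 2 on a bad argument. It never escalates to signal 9 or 6.
stop_gateway() {
    pid="$1"; timeout="${2:-30}"
    case "$pid" in
        ''|*[!0-9]*) echo "usage: stop_gateway <PID> [seconds]" >&2; return 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || return 0     # already stopped
    kill -s TERM "$pid" || return 1            # same signal as kill -SIGTERM <PID>
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        [ "$waited" -ge "$timeout" ] && {
            echo "PID $pid still running after ${timeout}s; not escalating" >&2
            return 1
        }
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}
```

A return value of 1 from stop_gateway means the process ignored SIGTERM within the timeout; investigate rather than reaching for kill -9 or kill -6.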

