Cloudhsm mgmt util - partition owner certificate error


I am testing out the cloudhsm and setting it up on an EC2 Win2019 server. I get the following error when I run the cloudhsm mgmt util to connect the server to the cloud HSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed

disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls

    Directory: C:\Program Files\Amazon\CloudHSM

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe

PS C:\Program Files\Amazon\CloudHSM>

I have copied, as per the manual, the self-signed root CA I created to sign the HSM cluster when initializing. Not sure what this partition certificate error is.

asked 2 years ago · 632 views
1 Answer


Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

answered 2 years ago
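
A way to check what the answer describes, as an added example that is not part of the original thread and is not AWS code: the script reports whether a certificate exists at the path named in the answer, compares it with the CustomerCA.crt shown in the question's directory listing, and prints the fields worth confirming (self-signed, CA flag, expiry, file hash). The function name Get-CaCertReport and the report fields are assumptions made for this example.

```powershell
# Added diagnostic, not AWS code. Both paths are taken from the thread above.
$ExpectedPath = 'C:\ProgramData\Amazon\CloudHSM\customerCA.crt'    # path named in the answer
$InstallCopy  = 'C:\Program Files\Amazon\CloudHSM\CustomerCA.crt'  # file seen in the question's listing

function Get-CaCertReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $report = [ordered]@{ Path = $Path; Exists = $false; Parsed = $false }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]$report
    }
    $report.Exists = $true
    try {
        # X509Certificate2 reads both PEM and DER encoded certificate files.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    } catch {
        $report.Error = $_.Exception.Message   # present but not a readable certificate
        return [pscustomobject]$report
    }
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    $report.Parsed     = $true
    $report.Subject    = $cert.Subject
    $report.SelfSigned = ($cert.Subject -eq $cert.Issuer)
    $report.IsCA       = [bool]($bc -and $bc.CertificateAuthority)
    $report.NotAfter   = $cert.NotAfter
    $report.Expired    = ($cert.NotAfter -lt (Get-Date))
    $report.Sha256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return [pscustomobject]$report
}

$expected = Get-CaCertReport -Path $ExpectedPath
$install  = Get-CaCertReport -Path $InstallCopy
$expected, $install | Format-List

if (-not $expected.Exists) {
    Write-Warning "No certificate at $ExpectedPath (the condition the answer above describes)."
} elseif ($install.Exists -and $expected.Sha256 -ne $install.Sha256) {
    Write-Warning 'The two copies differ; confirm which one signed the cluster certificate.'
}
```

The script only reads files; it does not copy or modify anything.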
