Cloudhsm mgmt util - partition owner certificate error


I am testing out CloudHSM and setting it up on an EC2 Win2019 server. I get the following error when I run the CloudHSM mgmt util to connect the server to the cloud HSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed

disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls

    Directory: C:\Program Files\Amazon\CloudHSM

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe

PS C:\Program Files\Amazon\CloudHSM>

I have copied, as per the manual, the self-signed root CA I created to sign the HSM cluster when initializing. Not sure what this partition certificate error is.

asked 2 years ago · 632 views
1 answer


Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

answered 2 years ago
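
A check for the condition the answer describes, as an added PowerShell example that is not part of the original thread or of the CloudHSM tooling. It tests the expected path from the answer, falls back to the install directory shown in the question's listing, and parses the file as X.509. The `-Repair` switch and the `Get-CertSummary` helper are hypothetical names introduced here.

```powershell
# Added example. Paths are the ones quoted in the thread; -Repair and
# Get-CertSummary are hypothetical names, not part of the CloudHSM client.
param([switch]$Repair)

$expected   = 'C:\ProgramData\Amazon\CloudHSM\customerCA.crt'  # path named in the answer
$installDir = 'C:\Program Files\Amazon\CloudHSM'               # directory listed in the question

function Get-CertSummary([string]$Path) {
    # Parse the file as X.509 so a truncated or wrong file is caught, not only a missing one.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    [pscustomobject]@{
        Path       = $Path
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        # Compare this hash with the copy of the certificate used to sign the cluster.
        Sha256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

if (Test-Path -LiteralPath $expected -PathType Leaf) {
    Get-CertSummary $expected
    return
}
Write-Warning "No certificate at $expected"

# Look for a copy left in the install directory (Windows file names are case-insensitive).
$candidate = Join-Path $installDir 'customerCA.crt'
if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) {
    Write-Warning "No copy in $installDir either; the signing certificate has to be created or supplied again."
    return
}

$summary = Get-CertSummary $candidate
$summary

# Copy only on request and only if the certificate has not expired.
if ($Repair -and -not $summary.Expired) {
    Copy-Item -LiteralPath $candidate -Destination $expected
    Get-CertSummary $expected
}
```

Run it from an elevated prompt if `-Repair` is used, since the copy writes under `C:\ProgramData\Amazon\CloudHSM`.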
