Cloudhsm mgmt util - partition owner certificate error

0

I am testing out the cloudhsm and setting it up on a EC2 Win2019 server. I get the following error when I run the cloudhsm mgmt util to connect the server to the cloud HSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
C:\ProgramData\Amazon\CloudHSM\customerCA.crt,
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed
aws-cloudhsm>quit


disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls


    Directory: C:\Program Files\Amazon\CloudHSM


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe


PS C:\Program Files\Amazon\CloudHSM>

I have copied as per the manual the self signed root ca I created to sign the HSM cluster when initializing.. not sure what this partition certificate error is.

posta 2 anni fa632 visualizzazioni
1 Risposta
0

Hi,

Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

AWS
TECNICO DI SUPPORTO
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande