CloudHSM rejecting Keytool command


I have an EC2 instance where I can successfully connect to and log in to my CloudHSM. I have also been able to set up the users on the CloudHSM, so I know that my ports and virtual networking are OK.

When I run the following from the EC2 instance:

keytool -genkeypair -alias Keystore \
  -keyalg rsa -keysize 4096 \
  -sigalg sha512withrsa \
  -keystore keystore.store \
  -storetype CLOUDHSM \
  -J-classpath '-J/opt/cloudhsm/java/*'

I get the following response. I'm not sure what's wrong:

thread 'CloudHSM Worker' panicked at 'failed to create appender: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tracing-appender-0.2.2/src/rolling.rs:499:53
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
Error writing to log file. Falling back to standard error.
2023-10-12T18:39:49.648Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::connection::connection_pool] Adding HSM connection to connection pool: HSM { IP: "xx.xx.x.xx", Port: 2223 }
2023-10-12T18:39:49.648Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::hsm_connection_impl] HSM xx.xx.x.xx:2223 is connecting
2023-10-12T18:39:49.654Z INFO [8277] ThreadId(2) [cloudhsm_provider_common::server_connection::common] Initializing new connection: HSM { IP: "xx.xx.x.xx", Port: 2223 }
2023-10-12T18:39:49.706Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::server_properties] Version handshake with server succeeded. Received version: ComponentVersion { major: 2, minor: 8 }
2023-10-12T18:39:49.706Z INFO [8277] ThreadId(2) [hsm1_marshaling::server_handshake] Reporting sdk version Jce:5.10.0-el6:CodeBuildBatchProject-uFu5sNXfquqK:7466104f-c1f7-4f5b-aa7e-19d490914153
2023-10-12T18:39:49.819Z INFO [8277] ThreadId(1) [cloudhsm_provider::hsm1::connection::connection_pool::cluster_info_message] Current cluster version is 0; incoming cluster version is 213903432
2023-10-12T18:39:49.823Z INFO [8277] ThreadId(2) [cloudhsm_provider_common::server_connection::common] Initializing new connection: HSM { IP: "xx.xx.x.xx", Port: 2223 }
2023-10-12T18:39:49.884Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::hsm_connection_impl] HSM xx.xx.x.xx:2223 has fips state 2
2023-10-12T18:39:49.884Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::hsm_connection_impl] Updating the state of HSM xx.xx.x.xx:2223
2023-10-12T18:39:49.885Z INFO [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::hsm_connection_impl] HSM xx.xx.x.xx:2223 is connected and ready
2023-10-12T18:39:49.887Z INFO [8277] ThreadId(1) [cloudhsm_provider::hsm1::connection::connection_pool::cluster_info_message] HSMs to be added: {HSM { IP: "xx.xx.x.xx", Port: 2223 }}
2023-10-12T18:39:49.887Z INFO [8277] ThreadId(1) [cloudhsm_provider::hsm1::connection::connection_pool::cluster_info_message] HSMs to be removed: {}
Enter keystore password:
Re-enter new password: They don't match. Try again
Enter keystore password:
Re-enter new password:
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher::dispatcher_error] Error in Dispatcher: Failed to read packet.. Internal Error: early eof
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher::reader] Failed to read response from socket. Error: Dispatcher is disconnected. Error: "HSM actively closed the connection."
2023-10-12T18:41:21.004Z INFO [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher] Exiting all active dispatcher operations
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider::hsm1::hsm_connection::error] Disconnected with server. Message: Tls disconnected. Reason: HSM actively closed the connection.
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider_common::keep_alive] Keep-alive failed for xx.xx.x.xx. Internal Error: Internal error occurred. Error: HSM is disconnected
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher::dispatcher_error] Error in Dispatcher: Failed to read packet.. Internal Error: early eof
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher::reader] Failed to read response from socket. Error: Dispatcher is disconnected. Error: "HSM actively closed the connection."
2023-10-12T18:41:21.004Z INFO [8277] ThreadId(1) [cloudhsm_provider_common::dispatcher] Exiting all active dispatcher operations
keytool error: com.amazonaws.cloudhsm.jce.jni.exception.ProviderException: The underlying Provider connection was lost: Communication with the device was lost during the execution of the function.
2023-10-12T18:41:21.004Z ERROR [8277] ThreadId(2) [cloudhsm_provider::hsm1::hsm_connection::error] Disconnected with server. Message: Tls disconnected. Reason: HSM actively closed the connection.
2023-10-12T18:41:21.004Z WARN [8277] ThreadId(2) [cloudhsm_provider::hsm1::session::key_management::find::find_key_builder_impl] Failed to fetch objects from HSM xx.xx.x.xx:2223. Internal Error: Underlying connection to provider was lost

No Answers
