Cloudhsm mgmt util - partition owner certificate error


I am testing out the cloudhsm and setting it up on a EC2 Win2019 server. I get the following error when I run the cloudhsm mgmt util to connect the server to the cloud HSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed

disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls

    Directory: C:\Program Files\Amazon\CloudHSM

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe

PS C:\Program Files\Amazon\CloudHSM>

I have copied as per the manual the self signed root ca I created to sign the HSM cluster when initializing.. not sure what this partition certificate error is.

asked 2 years ago622 views
1 Answer


Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions