Cloudhsm mgmt util - partition owner certificate error


I am testing out CloudHSM and setting it up on an EC2 Win2019 server. I get the following error when I run the CloudHSM mgmt util to connect the server to the CloudHSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
C:\ProgramData\Amazon\CloudHSM\customerCA.crt,
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed
aws-cloudhsm>quit


disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls


    Directory: C:\Program Files\Amazon\CloudHSM


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe


PS C:\Program Files\Amazon\CloudHSM>

As per the manual, I have copied the self-signed root CA I created to sign the HSM cluster when initializing. Not sure what this partition certificate error is.

asked 2 years ago · 555 views
1 Answer

Hi,

Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

AWS
SUPPORT ENGINEER
answered 2 years ago
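
A diagnostic sketch for the check described in the answer, added here as an example and not part of the original answer or of AWS tooling. Both paths are taken from the output in the question; the function name `Get-CertSummary` is hypothetical. It confirms whether a parseable X.509 certificate sits at the path the utility reports, and if not, lists `.crt` files found in the install and data directories so a misplaced copy is visible.

```powershell
# Path the utility reported as missing, and the install directory from the listing.
$expected   = 'C:\ProgramData\Amazon\CloudHSM\customerCA.crt'
$installDir = 'C:\Program Files\Amazon\CloudHSM'

function Get-CertSummary {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Loads DER or PEM encoded certificates; throws if the file is not a certificate.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    } catch {
        return [pscustomobject]@{ Path = $Path; Parsed = $false; Error = $_.Exception.Message }
    }
    # Basic Constraints tells us whether the certificate is marked as a CA.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    [pscustomobject]@{
        Path       = $Path
        Parsed     = $true
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        Thumbprint = $cert.Thumbprint
    }
}

if (Test-Path -LiteralPath $expected -PathType Leaf) {
    # File is where the utility looks: show what it actually contains.
    Get-CertSummary -Path $expected | Format-List
} else {
    Write-Warning "No certificate file at $expected"
    # Look for copies in the install directory and the data directory.
    $searchDirs = @($installDir, (Split-Path -Path $expected -Parent))
    Get-ChildItem -LiteralPath $searchDirs -Filter '*.crt' -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-CertSummary -Path $_.FullName } |
        Format-List
}
```

Compare the reported thumbprint with that of the certificate used to sign the cluster CSR before relying on any copy that turns up.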
