Hi,
In most cases when the client daemon does not want to start, it is generally due to a permissions error in the /opt/cloudhsm/etc directory. Therefore, can you check the permissions using the following command:
$ ls -l /opt/cloudhsm/etc/
All of the files in that directory should be at least 644, and the "certs" directory should be 755. The files in the "certs" directory should also be 644. What’s important is that “Others” must have read permissions because the hsmuser is not a part of the root group.
Note: The "client.crt" and "client.key" files can be 755 or 644, as long as "Others" has read permissions.
A working example of the correct permissions looks like this:
drwxr-xr-x. 2 root root 42 Oct 26 15:37 certs
-rwxr-xr-x. 1 root root 1342 Oct 8 16:17 client.crt
-rwxr-xr-x. 1 root root 1704 Oct 8 16:17 client.key
-rw-r--r--. 1 root root 1145 Oct 26 15:45 cloudhsm_client.cfg
-rw-r--r--. 1 root root 1140 Oct 8 16:17 cloudhsm_client.cfg.old
-rw-r--r--. 1 root root 1255 Oct 26 15:46 cloudhsm_mgmt_util.cfg
-rw-r--r--. 1 root root 719 Oct 26 15:45 cloudhsm_mgmt_util.cfg.old
-rw-r--r--. 1 root root 600 Oct 8 16:17 cloudhsm_mgmt_util.cfg.old.1
-rw-r--r--. 1 root root 1265 Oct 26 15:37 customerCA.crt
To change the permissions of the file, you can use chmod. For example, this command changes the permissions on the "cloudhsm_client.cfg" file to 644 (-rw-r--r--).
$ sudo chmod 644 /opt/cloudhsm/etc/cloudhsm_client.cfg
Alternatively, you can also attempt to use the following command to check/change the file system permissions under /opt/cloudhsm:
sudo chmod go+rX -R /opt/cloudhsm
Once this is done, please attempt to start the daemon again.
If you can confirm that the permissions as shown above are indeed correct, we would then require details that are non-public information. Please open a support case with AWS using the following link so that we can perform a deep dive into your issue:
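The permission check described in this answer can be scripted. The following is an added example, not part of the original answer and not AWS tooling; the function names and the sample tree are hypothetical and constructed for illustration. It lists every file that lacks read permission for "Others" and every directory that lacks read and execute for "Others".

```shell
#!/bin/sh
# Added example: report entries that the unprivileged daemon user could not
# read because the "others" permission bits are missing.

# audit_other_access DIR
# Prints each regular file under DIR lacking o+r and each directory lacking
# o+rx (a directory needs execute as well, or its contents cannot be opened).
audit_other_access() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" \( -type f ! -perm -004 -o -type d ! -perm -005 \) -print | sort
}

# make_sample_tree: builds a constructed directory (not a real CloudHSM
# install) with two deliberately wrong modes and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/certs"
    : > "$t/cloudhsm_client.cfg"
    : > "$t/client.key"
    : > "$t/certs/customerCA.crt"
    chmod 755 "$t"
    chmod 644 "$t/cloudhsm_client.cfg" "$t/certs/customerCA.crt"
    chmod 750 "$t/certs"               # wrong: others cannot enter the directory
    chmod 640 "$t/client.key"          # wrong: others cannot read the file
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real host pass /opt/cloudhsm/etc instead.
sample=$(make_sample_tree)
audit_other_access "$sample"
rm -rf "$sample"
```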
Thank you for the response! Permissions are on point. I tried running it with a different command:
sudo /opt/cloudhsm/bin/cloudhsm_client start
Now it shows:
/opt/cloudhsm/bin/cloudhsm_client: error while loading shared libraries: libssl.so.10: cannot open shared object file: No such file or directory
though I confirmed openssl is installed.
I am having the same issue as above, using the exact same commands that worked a few months ago in SDK3. Would love to see this resolved.