Getting a missing warrant
To use the nfkmattest
tool to generate an attestation bundle, the HSM used must have a KLF2 warrant installed in the appropriate location, or an alternative search directory specified with the --warrants DIR
option.
If a warrant can’t be found locally but has been installed on a different server, it can be copied over a secure connection.
By default, these warrants are stored in NFAST_KMLOCAL/warrants/
for Solo + or Solo XC, or NFAST_KMDATA/hsm-<ESN>/warrants/
for Connect + or Connect XC modules.
nShield 5s and nShield 5c are supplied with the required warrants pre-installed and stored within the module.
These will be fetched by the Security World software when necessary.
If no warrants are installed, complete the steps in the relevant nShield User Guide to request one from Entrust.