nethsmadmin

nethsmadmin [-m MODULE] [-c|-w|-r|-e|-g]
nethsmadmin -l -s RFS_IP [options]                          # List images on the RFS
nethsmadmin [-m MODULE] -f -s RFS_IP [options]              # List features on the RFS
nethsmadmin [-m MODULE] -a FEATURE_FILE -s RFS_IP [options] # Apply feature file to RFS
nethsmadmin [-m MODULE] -i IMAGE                            # Upgrade image
nethsmadmin [-m MODULE] -d MMDDhhmmYYYY                     # Set date

Administers an HSM without using the front panel.

Options include:

  • Check the Security World files on a specified nShield HSM.

  • Copy Security World files from the RFS to the nShield HSM.

  • Command the specified nShield HSM to reboot. This restarts the hardserver.

  • Command the nShield HSM to upgrade using the specified image file from its RFS.

  • Retrieve a list of image files available on the RFS.

  • Retrieve a list of feature certificates available on the RFS for a specified nShield HSM.

  • Command the nShield HSM to apply a specified feature certificate from the RFS.

  • Erase the Security World on the nShield HSM and re-initialize the HSM.

  • Get the date and time on the nShield HSM.

  • Set the date and time on the nShield HSM.

  • Enable dynamic features, including client licenses, remotely.

You must use a privileged connection to use this utility with the following parameters:

  • Reboot the HSM (nethsmadmin -r)

  • Erase the Security World (nethsmadmin -e)

  • Upgrade the HSM firmware (nethsmadmin -i)

For more information, see:

Option Description

RFS options

-p, --port=PORT

Overrides the default RFS port 9004.

-s, --rfs=RFS_IP

IP address of the remote file server (RFS).

Authentication options

-k, --kneti-module=LOCAL_MODULE

Optional.
Specifies the local module whose KNETI authentication key will be used to authenticate this client to the RFS. If omitted or 0, this client will authenticate itself to the RFS using the hardserver’s software KNETI authentication key.
Default: 0.

--rfs-esn=ESN

Sets the ESN of the remote module used to authenticate the RFS when using module KNETI authentication.

--rfs-hkneti=HKNETI

Required.
Sets the software or module KNETI hash used to authenticate the RFS.

Admin operations

-a, --apply-feature=FEATURE_FILENAME

Applies the specified feature file to the network-attached HSM. The path to the feature file must be the full path, as retrieved by --list-features.

-c, --check-world

Prints the state of the security world/files on the specified remote module.

-d, --set-date=DATE

Sets the date and time on the specified remote module to the specified date.
Format: MMDDhhmmYYYY (MM is the month, mm is the minutes, YYYY must be between 2000 and 2037).

-e, --erase-world

Can only be executed as a privileged user (a user with a privileged connection to the HSM).
Erases the security world on the specified remote module.

-f, --list-features

Lists the nethsm features on the remote filesystem.

-g, --get-date

Retrieves the date and time on the specified remote module.

-i, --upgrade-image=IMAGE

Can only be executed as a privileged user (a user with a privileged connection to the HSM).
Instructs the module to upgrade using the specified image file from the remote filesystem. The path to the image must be the full path, as retrieved by --list-images.

-l, --list-images

Lists the nethsm images on the remote filesystem.

-r, --reboot

Can only be executed as a privileged user (a user with a privileged connection to the HSM).
Instructs the specified module to remotely reboot.

-w, --update-world

Instructs the specified module to fetch its world files from its RFS.

Option to address HSMs

-m, --module=MODULE

Specifies the number of the module to use.
If you only have one module, <MODULE> is 1.
Default: 1.

Help options

-h, --help

Displays help for nethsmadmin.

-u, --usage

Displays a brief usage summary for nethsmadmin.

-v, --version

Displays the version number of the Security World Software that deploys nethsmadmin.
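
The DATE argument of -d, --set-date puts the year last (MMDDhhmmYYYY) and only accepts years 2000 to 2037, which is easy to get wrong by hand. The following shell helper is an added example, not part of the Security World Software: the function name nethsm_date_arg and its "YYYY-MM-DD hh:mm" input format are assumptions of this example.

```shell
# Added example: build the DATE argument for `nethsmadmin -d`.
# Input format "YYYY-MM-DD hh:mm" is an assumption of this example.
# Prints MMDDhhmmYYYY, or returns 2 with a message on stderr.
nethsm_date_arg() {
    ts=$1
    # Strict shape check so nothing unexpected reaches the command line.
    case $ts in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]) ;;
        *) echo "expected 'YYYY-MM-DD hh:mm', got '$ts'" >&2; return 2 ;;
    esac
    yyyy=${ts%%-*}; rest=${ts#*-}      # rest = MM-DD hh:mm
    mo=${rest%%-*}; rest=${rest#*-}    # rest = DD hh:mm
    dd=${rest%% *}; rest=${rest#* }    # rest = hh:mm
    hh=${rest%%:*}; mi=${rest#*:}

    # YYYY must be between 2000 and 2037.
    case $yyyy in
        20[0-2][0-9]|203[0-7]) ;;
        *) echo "year $yyyy is outside 2000-2037" >&2; return 2 ;;
    esac

    # Strip one leading zero so the case patterns below match (04 -> 4).
    m=${mo#0}; d=${dd#0}; h=${hh#0}; n=${mi#0}
    case $m in
        4|6|9|11) dim=30 ;;
        2)  # Within 2000-2037 every year divisible by 4 is a leap year.
            if [ $((yyyy % 4)) -eq 0 ]; then dim=29; else dim=28; fi ;;
        *)  dim=31 ;;
    esac
    if [ "$m" -lt 1 ] || [ "$m" -gt 12 ] || [ "$d" -lt 1 ] ||
       [ "$d" -gt "$dim" ] || [ "$h" -gt 23 ] || [ "$n" -gt 59 ]; then
        echo "date or time field out of range in '$ts'" >&2; return 2
    fi
    printf '%s%s%s%s%s\n' "$mo" "$dd" "$hh" "$mi" "$yyyy"
}

# Intended use (not run here):
#   nethsmadmin -m 1 -d "$(nethsm_date_arg '2025-03-09 14:05')"
```

Running nethsmadmin -g afterwards confirms the value the module actually stored.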