nethsmenroll

nethsmenroll [OPTIONS] NETHSM-IP [ESN HKNETI]

As an alternative to hand-editing a client’s hardserver configuration file, you can run nethsmenroll on a client to configure it to access an nShield HSM. For example:

  • Enroll an HSM, without needing to restart the hardserver

  • Unenroll an HSM (nethsmenroll -r), then restart the hardserver to update the information about the HSM estate

The network-attached HSM that nethsmenroll configures can be an nShield Connect, an nShield 5c, or a remote hardserver that has been configured to export a local HSM. If the network-attached HSM's ESN and HKNETI are not specified, nethsmenroll attempts to contact the HSM to determine them and requests confirmation. ESN and HKNETI must be specified if the HSM is a remote hardserver with more than one HSM.

Option Description

-f, --force

Forces reconfiguration of an already known HSM.

-n, --ntoken-esn=ESN

Specifies the ESN of the nToken to be used to authenticate this client. If the option is omitted, then software authentication will be used instead.

--no-hkneti-confirmation

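Does not request confirmation when automatically determining the HSM's ESN and HKNETI.

Only use this option on secure networks: with it, the ESN and HKNETI that nethsmenroll retrieves over the network are accepted without an operator check.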

-p, --privileged

Causes the hardserver to request a privileged connection to the HSM.
Default: unprivileged.

-P, --port=PORT

Specifies the port to use when connecting to the HSM.
Default: 9004.

-r, --remove

Deconfigures the HSM.

-V, --verify-nethsm-details

When the ESN and HKNETI have been provided on the command line, verifies that the HSM is alive, reachable and matches those details.

Option to address HSMs

-m, --module=MODULE

Specifies the number of the module whose hardserver configuration file to use.
If you only have one module, <MODULE> is 1.
Default: 0 for dynamic configuration by the hardserver.

Help options

-h, --help

Displays help for nethsmenroll.

-u, --usage

Displays a brief usage summary for nethsmenroll.

-v, --version

Displays the version number of the Security World Software that deploys nethsmenroll.
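
The ESN and HKNETI arguments and the -V option described above can be combined so that a client is enrolled only against values recorded out of band, instead of values fetched from the network. The following wrapper is an added example, not part of the Security World Software; the function names, the DRY_RUN variable and the assumed value formats (ESN as three dash-separated groups of four hex digits, HKNETI as 40 hex digits) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Assumed formats: ESN = three dash-separated
# groups of four hex digits; HKNETI = 40 hex digits. Adjust if yours differ.

valid_esn() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{4}(-[0-9A-Fa-f]{4}){2}$'
}

valid_hkneti() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'
}

# check_enroll_args IP ESN HKNETI [PORT]
# Returns 0 only if every value is well formed and cannot be read as an option.
check_enroll_args() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.:_-]*) echo "bad NETHSM-IP: $1" >&2; return 2 ;;
    esac
    valid_esn "$2" || { echo "bad ESN: $2" >&2; return 3; }
    valid_hkneti "$3" || { echo "bad HKNETI" >&2; return 4; }
    case ${4:-9004} in
        *[!0-9]*) echo "bad port: $4" >&2; return 5 ;;
    esac
}

# build_enroll_cmd IP ESN HKNETI [PORT]
# Prints the command that would run, for review or a change record.
build_enroll_cmd() {
    check_enroll_args "$@" || return $?
    printf 'nethsmenroll --verify-nethsm-details --port=%s %s %s %s\n' \
        "${4:-9004}" "$1" "$2" "$3"
}

# enroll_pinned IP ESN HKNETI [PORT]
# Dry run by default; set DRY_RUN=0 to invoke nethsmenroll.
enroll_pinned() {
    check_enroll_args "$@" || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        build_enroll_cmd "$@"
    else
        nethsmenroll --verify-nethsm-details --port="${4:-9004}" "$1" "$2" "$3"
    fi
}
```

Because the wrapper always passes explicit values with --verify-nethsm-details, it never relies on --no-hkneti-confirmation.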