Manual Chapter :
Additional Information
Applies To:
Show Versions
BIG-IP AAM
- 14.1.3, 14.0.0
BIG-IP APM
- 14.1.3, 14.0.0
BIG-IP LTM
- 14.1.3, 14.0.0
BIG-IP AFM
- 14.1.3, 14.0.0
BIG-IP DNS
- 14.1.3, 14.0.0
BIG-IP ASM
- 14.1.3, 14.0.0
Additional Information
Upgrading the BIG-IP software when using the SafeNet Luna HSM
After a BIG-IP system software or hotfix upgrade, you do not need to run
the SafeNet Luna SA client setup script. Any local keys and certificates you added
to the BIG-IP system configuration before upgrading (using the command
tmsh
install sys crypto
) appear in the upgrade partition and can be used.
Keys, certificates, and CSRs created using tmsh
are already part
of the BIG-IP system configuration and can be used.If you will need keys, certificates, or
CSRs that were not added to the BIG-IP system configuration, before you upgrade,
copy the files into the
/shared
directory. After the upgrade,
copy them back to their appropriate directories in the new partition:
/config/ssl/ssl.key/
,
/config/ssl/ssl.crt
, or
/config/ssl/ssl.csr
. - Log in to the command-line interface of the BIG-IP system using an account with administrator privileges.
- Reinstall the Luna SA client on the BIG-IP system, using the parameters you used when you initially installed and registered it.nethsm-safenet-install.sh
Uninstalling SafeNet Luna SA components from the BIG-IP system
If you no longer need to use the SafeNet Luna SA HSM on a BIG-IP system, you should uninstall the files.
- Log in to the command-line interface of the system using an account with administrator privileges.
- Uninstall the SafeNet client software and clean up SafeNet directories.nethsm-safenet-install.sh -u [-v]
nethsm-safenet-install.sh utility options
The
nethsm-safenet-install.sh
utility includes these options:Option |
Description |
---|---|
-f |
Reinstalls when a connection with HSM already exists. |
-h |
Displays help. |
-u |
Uninstalls SafeNet software and cleans up SafeNet
directories. |
-v |
Prints verbose output about the executing operations. |
--hsm_ip_addr=<ip_addr> |
SafeNet Luna SA HSM IP address(es). For multiple HSMs, use a double-quoted value with
space-separated IP addresses (such as
--hsm_ip_addr="10.10.10.100.10.10.10.101" ). |
--hsm_partition_pwd=<password> |
SafeNet HSM partition password. This password must be the same for
all HSMs being used in High Availability (HA) configurations. |
--hsm_username=<user_name> |
SafeNet Luna SA HSM user name. Default is admin . |
--hsm_ha_group=<group_name> |
Name for the SafeNet HSM HA group. When using multiple HSMs in a HA
configuration, all HSMs in HA must use the same partition
password. |
--image=<image_name> |
SafeNet Luna SA tarball to be installed (for example,
Luna_5.1_Client_Software.tar). This file must be stored on theBIG-IP system in
/shared/safenet_install . |
--interface=<interface_name> |
Interface identifier of BIG-IP to be used to communicate with the SafeNet Luna SA HSM
(eth0). The default is the management interface. |
--ip_addr=<client_ip_addr> |
IP address of the BIG-IP as seen by the SafeNet HSM. |
--num_threads=<threads> |
Indicates the number of threads pkcs11d will use. The default is
20. |
--verbose=<level> |
Indicates message verbosity level. The default value is zero, and all
levels greater than zero indicate verbose output. |