Configuring the HSM in DataCore vFilO

The final step is to configure DataCore vFilO with the access information for the HSMs exposed through the WSOP REST service. This must be done through the DataCore vFilO Admin command line.

At the DataCore vFilO Admin prompt, enter the following command.

Anything between quotes on this command line may contain line wraps. For example, the PEM certificates and keys may contain line wraps as long as the text is in quotes.

admin@host.domain> kms-add --endpoint <wsop-host>:18001 --key-id urn:uuid:<kid-from-above> --name nCipher-hsm --type NCIPHER_WSOP --client-certificate '-----BEGIN CERTIFICATE-----MIIDq ... dY0E=-----END CERTIFICATE-----' --client-private-key '-----BEGIN PRIVATE KEY-----MIIEv ... Hsw==-----END PRIVATE KEY-----' --server-certificate-chain '-----BEGIN CERTIFICATE-----MIIDb ... bLaMg==-----END CERTIFICATE-----'

Name:            nCipher-hsm
Type:            KmsType.NCIPHER_HSM
Internal ID:     1
ID:              fb1e46c5-d493-428c-b755-7de8ac2b613d
Endpoint:        https://isis:18001
Key identifier:  urn:uuid:<kid-from-above>
Client id/cert   -----BEGIN CERTIFICATE-----MIIDq ...
Server id/cert   -----BEGIN CERTIFICATE-----MIIDb ...

The command line will accept line-wrap characters (CR, LF, CRLF, etc.) within quoted parameter arguments. For instance, in the sample command line above, the --client-certificate argument is a string of text between single quotes. Any text within these quotes may have line-wrap characters embedded.
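Before pasting the PEM text into kms-add, it helps to confirm on the workstation that holds the files that the client private key actually belongs to the client certificate, that the certificate has not expired, and that the server chain file contains at least one certificate. The script below is an added example, not part of the DataCore or nCipher documentation; the function names and file names are hypothetical, the sample certificate pairs are constructed throwaway material, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks on the PEM files whose contents are pasted
# into kms-add. File names are hypothetical; requires the openssl CLI.

# Public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Return 0 only if the private key belongs to the certificate.
pair_matches() {
    c=$(cert_pubkey "$1") && k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Return 0 if the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Number of certificates in a PEM file (a server chain may hold several).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# preflight <client-cert> <client-key> <server-chain>
preflight() {
    pair_matches "$1" "$2" || { echo "client key does not match client certificate"; return 1; }
    cert_not_expiring "$1" || { echo "client certificate has expired"; return 1; }
    [ "$(count_certs "$3")" -ge 1 ] || { echo "no certificate in server chain file"; return 1; }
    echo "ok"
}

# Constructed sample: throwaway self-signed pair, not real WSOP material.
make_sample() {  # make_sample <dir> <name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

d=$(mktemp -d)
make_sample "$d" client && make_sample "$d" other
preflight "$d/client.crt" "$d/client.key" "$d/other.crt"          # prints: ok
preflight "$d/client.crt" "$d/other.key" "$d/other.crt" || true   # prints the mismatch message
rm -rf "$d"
```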

You have now successfully completed the configuration.