Install and configure the AWS CloudHSM client for KMU (Linux)
To interact with the hardware security module (HSM) in your AWS CloudHSM cluster using the key_mgmt_util (KMU), you need the AWS CloudHSM client software for Linux. You should install it on the Linux EC2 client instance that you created previously. You can also install a client if you are using Windows. For more information, see Install and configure the AWS CloudHSM client for KMU (Windows).
Tasks
Step 1. Install the AWS CloudHSM client and command line tools
Connect to your client instance and run the following commands to download and install the AWS CloudHSM client and command line tools.
Step 2. Edit the client configuration
Before you can use the AWS CloudHSM client to connect to your cluster, you must edit the client configuration.
To edit the client configuration
- Copy your issuing certificate—the one that you used to sign the cluster's certificate—to the following location on the client instance: /opt/cloudhsm/etc/customerCA.crt. You need instance root user permissions on the client instance to copy your certificate to this location.
- Use the following configure command to update the configuration files for the AWS CloudHSM client and command line tools, specifying the IP address of the HSM in your cluster. To get the HSM's IP address, view your cluster in the AWS CloudHSM console, or run the describe-clusters AWS CLI command. In the command's output, the HSM's IP address is the value of the EniIp field. If you have more than one HSM, choose the IP address for any of the HSMs; it doesn't matter which one.

    sudo /opt/cloudhsm/bin/configure -a <IP address>

    Updating server config in /opt/cloudhsm/etc/cloudhsm_client.cfg
    Updating server config in /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
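
The following Python is an added example, not AWS code: it picks the EniIp of an ACTIVE HSM from describe-clusters output, checks the customerCA.crt trust anchor, and builds the configure command from Step 2. The sample JSON, the ClusterId, HsmId and State fields, the PEM encoding, and the ownership and permission checks are assumptions that the page does not state.

```python
import ipaddress
import json
import os
import stat

CA_PATH = "/opt/cloudhsm/etc/customerCA.crt"   # location given on the page
CONFIGURE = "/opt/cloudhsm/bin/configure"      # command given on the page

# Constructed sample of describe-clusters output (IDs and IPs are made up).
SAMPLE = """{"Clusters": [{"ClusterId": "cluster-example1", "State": "ACTIVE", "Hsms": [
  {"HsmId": "hsm-example1", "State": "CREATE_IN_PROGRESS", "EniIp": "10.0.1.11"},
  {"HsmId": "hsm-example2", "State": "ACTIVE", "EniIp": "10.0.2.12"}]}]}"""

def pick_hsm_ip(describe_json, cluster_id):
    """Return the EniIp of the first ACTIVE HSM in the named cluster."""
    for cluster in json.loads(describe_json).get("Clusters", []):
        if cluster.get("ClusterId") != cluster_id:
            continue
        for hsm in cluster.get("Hsms", []):
            if hsm.get("State") == "ACTIVE" and hsm.get("EniIp"):
                ip = ipaddress.ip_address(hsm["EniIp"])  # ValueError on junk
                if not ip.is_private:
                    raise ValueError(f"{ip} is not a private VPC address")
                return str(ip)
    raise LookupError(f"no ACTIVE HSM with an EniIp in {cluster_id}")

def ca_file_problems(path=CA_PATH):
    """List reasons the trust-anchor file should not be used as is."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if st.st_uid != 0:  # assumed hardening check: only root may replace the CA
        problems.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    with open(path, "rb") as fh:  # assumption: the certificate is PEM-encoded
        if b"-----BEGIN CERTIFICATE-----" not in fh.read():
            problems.append("not a PEM certificate")
    return problems

def configure_argv(ip):
    """Build the Step 2 command as an argument list (no shell interpolation)."""
    return ["sudo", CONFIGURE, "-a", ip]

if __name__ == "__main__":
    print(" ".join(configure_argv(pick_hsm_ip(SAMPLE, "cluster-example1"))))
    print("CA file problems:", ca_file_problems() or "none")
```

Passing the address as a separate list element keeps a malformed value from being interpreted by a shell when the command is run with sudo.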