本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
在 Linux 上升级 AWS CloudHSM 客户端 SDK 3
SDK 版本 5.8.0 及更早版本的支持已到期。2025 年 3 月 31 日之后,SDK 版本 3.4.4 及更早版本的文档将不再可用。
在 AWS CloudHSM Client SDK 3.1 及更高版本中,客户端守护程序的版本和您安装的任何组件都必须匹配才能升级。对于所有基于 Linux 的系统,必须使用单个命令、通过相同版本的 PKCS #11 库、Java 加密扩展 (JCE) 提供程序或 OpenSSL 动态引擎,批量升级客户端进程守护程序。此要求不适用于基于 Windows 的系统,因为客户端进程守护程序包已包含 CNG 和 KSP 提供程序库的二进制文件。
-
在基于 Red Hat 的 Linux 系统(包括 Amazon Linux 和 CentOS),使用以下命令:
rpm -qa | grep ^cloudhsm -
在基于 Debian 的 Linux 系统上,使用以下命令:
apt list --installed | grep ^cloudhsm -
在 Windows 系统上,使用以下命令:
wmic product get name,version
先决条件
下载最新版本的 AWS CloudHSM 客户端守护程序并选择您的组件。
注意
您无需安装所有的组件。对于已安装的每个组件,必须升级该组件来匹配客户端进程守护程序的版本。
最新的 Linux 客户端进程守护程序
- Amazon Linux
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-latest.el6.x86_64.rpm - Amazon Linux 2
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm - CentOS 7
-
sudo yum install wgetwget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm - CentOS 8
-
sudo yum install wgetwget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm - RHEL 7
-
sudo yum install wgetwget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm - RHEL 8
-
sudo yum install wgetwget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm - Ubuntu 16.04 LTS
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client_latest_amd64.deb - Ubuntu 18.04 LTS
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client_latest_u18.04_amd64.deb
最新的 PKCS #11 库
- Amazon Linux
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-pkcs11-latest.el6.x86_64.rpm - Amazon Linux 2
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm - CentOS 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm - CentOS 8
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm - RHEL 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm - RHEL 8
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm - Ubuntu 16.04 LTS
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-pkcs11_latest_amd64.deb - Ubuntu 18.04 LTS
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-pkcs11_latest_u18.04_amd64.deb
最新的 OpenSSL 动态引擎
- Amazon Linux
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-dyn-latest.el6.x86_64.rpm - Amazon Linux 2
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm - CentOS 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm - RHEL 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm - Ubuntu 16.04 LTS
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-dyn_latest_amd64.deb
最新的 JCE 提供程序
- Amazon Linux
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-jce-latest.el6.x86_64.rpm - Amazon Linux 2
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm - CentOS 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm - CentOS 8
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm - RHEL 7
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm - RHEL 8
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm - Ubuntu 16.04 LTS
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-jce_latest_amd64.deb - Ubuntu 18.04 LTS
-
$wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-jce_latest_u18.04_amd64.deb
步骤 1:停止客户端进程守护程序
使用以下命令停止客户端进程守护程序。
- Amazon Linux
$sudo stop cloudhsm-client- Amazon Linux 2
$sudo service cloudhsm-client stop- CentOS 7
$sudo service cloudhsm-client stop- CentOS 8
$sudo service cloudhsm-client stop- RHEL 7
$sudo service cloudhsm-client stop- RHEL 8
$sudo service cloudhsm-client stop- Ubuntu 16.04 LTS
$sudo service cloudhsm-client stop- Ubuntu 18.04 LTS
$sudo service cloudhsm-client stop
第 2 步:升级客户端软件开发工具包
以下命令显示了升级客户端进程守护程序和组件所需的语法。在运行此命令之前,请删除所有您不打算升级的组件。
- Amazon Linux
-
$sudo yum install ./cloudhsm-client-latest.el6.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el6.x86_64.rpm>\<./cloudhsm-client-dyn-latest.el6.x86_64.rpm>\<./cloudhsm-client-jce-latest.el6.x86_64.rpm> - Amazon Linux 2
-
$sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>\<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>\<./cloudhsm-client-jce-latest.el7.x86_64.rpm> - CentOS 7
-
$sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>\<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>\<./cloudhsm-client-jce-latest.el7.x86_64.rpm> - CentOS 8
-
$sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm>\<./cloudhsm-client-jce-latest.el8.x86_64.rpm> - RHEL 7
-
$sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>\<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>\<./cloudhsm-client-jce-latest.el7.x86_64.rpm> - RHEL 8
-
$sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm>\<./cloudhsm-client-jce-latest.el8.x86_64.rpm> - Ubuntu 16.04 LTS
-
$sudo apt install ./cloudhsm-client_latest_amd64.deb \<cloudhsm-client-pkcs11_latest_amd64.deb>\<cloudhsm-client-dyn_latest_amd64.deb>\<cloudhsm-client-jce_latest_amd64.deb> - Ubuntu 18.04 LTS
-
$sudo apt install ./cloudhsm-client_latest_u18.04_amd64.deb \<cloudhsm-client-pkcs11_latest_amd64.deb>\<cloudhsm-client-jce_latest_amd64.deb>
步骤 3:启动客户端进程守护程序
使用以下命令启动客户端进程守护程序。
- Amazon Linux
$sudo start cloudhsm-client- Amazon Linux 2
$sudo service cloudhsm-client start- CentOS 7
$sudo service cloudhsm-client start- CentOS 8
$sudo service cloudhsm-client start- RHEL 7
$sudo service cloudhsm-client start- RHEL 8
$sudo service cloudhsm-client start- Ubuntu 16.04 LTS
$sudo service cloudhsm-client start- Ubuntu 18.04 LTS
$sudo service cloudhsm-client start- Ubuntu 20.04 LTS
$sudo service cloudhsm-client start- Ubuntu 22.04 LTS
尚不支持 OpenSSL 动态引擎。
先前版本
支持的平台