AWS CloudHSM Client SDK 5 配置语法
下表说明了 Client SDK 5 的 AWS CloudHSM 配置文件的语法。
- PKCS #11
-
configure-pkcs11[ .exe ] -a<ENI IP address>[--hsm-ca-cert<customerCA certificate file path>] [--cluster-id<cluster ID>] [--endpoint<endpoint>] [--region<region>] [--server-client-cert-file<client certificate file path>] [--server-client-key-file<client key file path>] [--client-cert-hsm-tls-file<client certificate hsm tls path>] [--client-key-hsm-tls-file<client key hsm tls path>] [--log-level<error | warn | info | debug | trace>] Default is<info>[--log-rotation<daily | weekly>] Default is<daily>[--log-file<file name with path>] Default is</opt/cloudhsm/run/cloudhsm-pkcs11.log>Default for Windows is<C:\\Program Files\\Amazon\\CloudHSM\\cloudhsm-pkcs11.log>[--log-type<file | term>] Default is<file>[-h | --help] [-V | --version] [--disable-key-availability-check] [--enable-key-availability-check] [--disable-validate-key-at-init] [--enable-validate-key-at-init] This is the default for PKCS #11 - OpenSSL
-
configure-dyn[ .exe ] -a<ENI IP address>[--hsm-ca-cert<customerCA certificate file path>] [--cluster-id<cluster ID>] [--endpoint<endpoint>] [--region<region>] [--server-client-cert-file<client certificate file path>] [--server-client-key-file<client key file path>] [--client-cert-hsm-tls-file<client certificate hsm tls path>] [--client-key-hsm-tls-file<client key hsm tls path>] [--log-level<error | warn | info | debug | trace>] Default is<error>[--log-type<file | term>] Default is<term>[-h | --help] [-V | --version] [--disable-key-availability-check] [--enable-key-availability-check] [--disable-validate-key-at-init] This is the default for OpenSSL [--enable-validate-key-at-init] - JCE
-
configure-jce[ .exe ] -a<ENI IP address>[--hsm-ca-cert<customerCA certificate file path>] [--cluster-id<cluster ID>] [--endpoint<endpoint>] [--region<region>] [--server-client-cert-file<client certificate file path>] [--server-client-key-file<client key file path>] [--client-cert-hsm-tls-file<client certificate hsm tls path>] [--client-key-hsm-tls-file<client key hsm tls path>] [--log-level<error | warn | info | debug | trace>] Default is<info>[--log-rotation<daily | weekly>] Default is<daily>[--log-file<file name with path>] Default is</opt/cloudhsm/run/cloudhsm-jce.log>Default for Windows is<C:\\Program Files\\Amazon\\CloudHSM\\cloudhsm-jce.log>[--log-type<file | term>] Default is<file>[-h | --help] [-V | --version] [--disable-key-availability-check] [--enable-key-availability-check] [--disable-validate-key-at-init] This is the default for JCE [--enable-validate-key-at-init] - CloudHSM CLI
-
configure-cli[ .exe ] -a<ENI IP address>[--hsm-ca-cert<customerCA certificate file path>] [--cluster-id<cluster ID>] [--endpoint<endpoint>] [--region<region>] [--server-client-cert-file<client certificate file path>] [--server-client-key-file<client key file path>] [--client-cert-hsm-tls-file<client certificate hsm tls path>] [--client-key-hsm-tls-file<client key hsm tls path>] [--log-level<error | warn | info | debug | trace>] Default is<info>[--log-rotation<daily | weekly>] Default is<daily>[--log-file<file name with path>] Default for Linux is</opt/cloudhsm/run/cloudhsm-cli.log>Default for Windows is<C:\\Program Files\\Amazon\\CloudHSM\\cloudhsm-cli.log>[--log-type<file | term>] Default setting is<file>[-h | --help] [-V | --version] [--disable-key-availability-check] [--enable-key-availability-check] [--disable-validate-key-at-init] This is the default for CloudHSM CLI [--enable-validate-key-at-init]
客户端软件开发工具包 5 配置工具
参数