Setting Up the Utimaco u.trust GP HSM Se-Series

Install the latest version of the Utimaco u.trust GP HSM Se-Series software if it has not already been installed.

  1. Locate the configuration file, cs_pkcs11_R3.cfg. On Windows, the Utimaco u.trust GP HSM Se-Series software installation creates cs_pkcs11_R3.cfg automatically in the C:\ProgramData\Utimaco\PKCS11_R3 folder.

  2. Edit cs_pkcs11_R3.cfg and make the changes shown below.


    [Global]
    # For Unix:
    #Logpath = /tmp
    # For Windows:
    Logpath = C:/ProgramData/Utimaco/PKCS11_R3
    # Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
    Logging = 1
    # Prevents expiring session after inactivity of 15 minutes
    KeepAlive = true

    # Set the Device to connect with
    [CryptoServer]
    # Device specifier
    Device = <HSM_IP>

For detailed guidance on commands and their parameters, refer to the Utimaco CryptoServer documentation.

The device can be a CryptoServer HSM in either the PCIe or the LAN form factor. Depending on the type, the Device line follows one of these formats:

  - LAN-based HSM: Device = 288@ipaddress
  - PCIe-based HSM: Device = /dev/cs2.0

Select the format that matches your hardware setup.

To simplify testing, it's recommended that you enable the PKCS#11 log file by adjusting the logging settings:

  - Set Logpath to a writable directory (not a specific file).
  - Set Logging (the log level) to 1 for basic logging. Increase it to 4 for more detailed output during testing.

This generates a log file named cs_pkcs11_R3.log in the Logpath directory. Reviewing this log can help with troubleshooting if you encounter issues.

Once testing is complete, it's advisable to reduce the Logging level to limit output to only critical or important messages.
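The checks described above can be automated before the file is deployed. The following is an added example, not part of the Utimaco software or documentation: the function names, the sample text, and the choice to treat levels 3 and 4 as too verbose once testing is done are assumptions made for illustration.

```python
import re

LEVELS = {"0": "NONE", "1": "ERROR", "2": "WARNING", "3": "INFO", "4": "TRACE"}

def parse_cfg(text):
    """Parse cs_pkcs11_R3.cfg-style text into {section: {key: value}}."""
    cfg, section = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg.setdefault(section, {})[key.strip()] = value.strip()
    return cfg

def check_cfg(text, testing=False):
    """Return findings for the Logging, Logpath and Device settings."""
    # Look keys up regardless of which section they were written under.
    merged = {k: v for keys in parse_cfg(text).values() for k, v in keys.items()}
    findings = []
    level = merged.get("Logging", "")
    if level not in LEVELS:
        findings.append("Logging: expected a level from 0 to 4")
    elif level in ("3", "4") and not testing:  # assumed threshold for "verbose"
        findings.append(f"Logging: {LEVELS[level]} is verbose; lower it once testing is done")
    logpath = merged.get("Logpath", "")
    if not logpath:
        findings.append("Logpath: not set")
    elif logpath.lower().endswith(".log"):
        findings.append("Logpath: must be a directory, not a specific file")
    device = merged.get("Device", "")
    if not device or re.fullmatch(r"<.*>", device):
        findings.append("Device: placeholder or empty value")
    elif not (re.fullmatch(r"\d+@\S+", device) or device.startswith("/dev/")):
        findings.append("Device: not in the LAN (288@ipaddress) or PCIe (/dev/cs2.0) format")
    return findings

# Constructed sample: TRACE left on, a file given as Logpath, placeholder device.
SAMPLE = """[Global]
Logpath = C:/ProgramData/Utimaco/PKCS11_R3/cs_pkcs11_R3.log
Logging = 4
[CryptoServer]
Device = <HSM_IP>
"""

if __name__ == "__main__":
    print("\n".join(check_cfg(SAMPLE)))
```

Pass testing=True while the higher log level is intentionally enabled.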