Breadcrumbs

Update the Configuration File

Follow the instructions in the “Software Configuration” chapter of the Installation and Operations Guide for the Atalla HSM AT1000. Use a text editor, such as notepad, to update the [TCPIP] section of the config.prm file.

The [STARTUP] section of the config.prm file must include the IMAGE=A8.XX parameter, where XX is the version you are configuring.

  • Update the IPADDR= parameter to specify the IP address of the Atalla HSM.

  • Update the NETMASK= parameter to specify the IP subnet mask, which controls the range of host IP addresses for the Atalla HSM.

  • Update the GATEWAY= parameter to specify the IP address of the gateway for the Appliance if it is on a different network than the Atalla HSM.

  • Update the PORT_ASCII= parameter to specify the port number at which the Atalla HSM will accept commands. The preset value is 7000.

  • Update the MAX_CLIENTS_ASCII= parameter to specify how many connections can be opened between all Appliances and the Atalla HSM. Use the default value of 16 if you have a maximum of 3 Appliances. Increase this value by 5 for each additional Appliance that will

connect to the Atalla HSM. OpenText recommends the maximum value of 64.

If you are connecting to Atalla AT1000 HSMs with firmware version 8.36 or later, set this value to 64.

  • (Optional) Update the preset RECONNECT=no parameter value to RECONNECT=yes to allow faster reconnection from a specific Appliance in the event of network connectivity issues.

  • Update the PORT_STATUS= parameter to specify the port number to which system log files and error files are written. This parameter does not have a default value. The preset value is 7001.

  • Update the PORT_MANAGEMENT= parameter to specify the port number on which the HSM will accept management commands from a remote SCA-3. The preset value is 7005.

  • Make sure that the PROTOCOL_ASCII=TLS and REQUIRE_CLIENT_CERT=yes

parameters are included.

  • Add the ALLOWIP= parameter to limit the IP addresses that can access the Atalla HSM. You must include the IP address of the Appliance that runs the Management Console, and all remote host Appliances that run Key Servers. For example, if your system includes a dedicated Management Console and two Key Servers, you must specify the three IP addresses for the ALLOWIP= parameter. Separate each IP address with a comma and space, as shown in the following example.

ALLOWIP=192.168.1.20, 192.168.1.21, 192.168.1.22

After you update the file with the information required for connecting with the Appliance, save the file to the Atalla HSM USB device. You must use config.prm as the file name.

Example of the config.prm File

[[CONFIG]]
[STARTUP]
IMAGE=A8.50
[TCPIP]
IPADDR=192.168.1.100
NETMASK=255.255.0.0
GATEWAY=192.168.1.1
PORT_ASCII=7000
MAX_CLIENTS_ASCII=64
RECONNECT=no
PORT_STATUS=7001
PORT_MANAGEMENT=7005
PROTOCOL_ASCII=TLS
REQUIRE_CLIENT_CERT=yes
ALLOWIP=192.168.1.20, 192.168.1.21, 192.168.1.22
[[SNMP]]
[SNMP]
[[LOG]]
[LOG]