[Opendnssec-user] OpenDNSSEC with SafeNet Luna HSM

Roman Serbski mefystofel at gmail.com
Thu May 12 17:54:41 UTC 2016


Anyone here using SafeNet Luna HSM?

We're using latest OpenDNSSEC 1.4.10 with SoftHSM under FreeBSD 10,
and I'm trying to integrate a pair of SafeNet Luna HSMs (network
based) for a newly created domains.

I managed to install SafeNet 6.2.0 software (lunacm, vtl, htl_client
and libcryptoki), register the server, create HA slot, and assign a

I understand that I'll have to modify conf.xml to include additional
repository (with the path to libCryptoki2_64.so and relevant partition
password), and then duplicate and adjust the policy in kasp.xml, but
before that I guess I need to initialize a slot?

Do I need to follow 'softhsm --init-token ...' procedure (I noticed
that there is --module <path> directive)? Or OpenDNSSEC has to be
recompiled with libCryptoki2_64.so support?

Many thanks and sorry in advance if it's too obvious.

More information about the Opendnssec-user mailing list