Cloudhsm mgmt util - partition owner certificate error

0

I am testing out CloudHSM and setting it up on an EC2 Win2019 server. I get the following error when I run the cloudhsm mgmt util to connect the server to the cloud HSM:

PS C:\Program Files\Amazon\CloudHSM> .\cloudhsm_mgmt_util.exe C:\ProgramData\Amazon\CloudHSM\data\cloudhsm_mgmt_util.cfg
Ignoring E2E enable flag in the configuration file

Connecting to the server(s), it may take time
depending on the server(s) load, please wait...

Connecting to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225...
Connected to server '172.xx.xx.xx': hostname '172.xx.xx.xx', port 2225.
C:\ProgramData\Amazon\CloudHSM\customerCA.crt,
partition owner certificate not exist at given path
Server 0(172.xx.xx.xx) is in unencrypted mode now...
running in limited commands mode
Error: partition owner certificate doesn't exist at given path.
Failed to create client ssl ctx
E2E Session failed: E2E setup failed
Enabling E2E failed
aws-cloudhsm>quit


disconnecting from servers, please wait...
PS C:\Program Files\Amazon\CloudHSM> ls


    Directory: C:\Program Files\Amazon\CloudHSM


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/2/2022   2:17 PM                tools
-a----       12/30/2021   8:47 PM          18019 client_info
-a----       12/30/2021   9:18 PM        5475875 client_info.exe
-a----       12/30/2021   9:16 PM        2680320 cloudhsm_client.exe
-a----       12/30/2021   8:47 PM          24373 CLOUDHSM_LICENSE
-a----       12/30/2021   9:16 PM        2541056 cloudhsm_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 cng_config.exe
-a----       12/30/2021   9:17 PM        5489038 configure.exe
-a----         6/2/2022   2:18 PM           1416 CustomerCA.crt
-a----       12/30/2021   9:17 PM         188416 import_key.exe
-a----       12/30/2021   9:17 PM        1641472 key_mgmt_util.exe
-a----       12/30/2021   9:16 PM          10240 ksp_config.exe
-a----       12/30/2021   9:17 PM        1417216 pkpspeed_blocking.exe


PS C:\Program Files\Amazon\CloudHSM>

I have copied, as per the manual, the self-signed root CA I created to sign the HSM cluster when initializing. Not sure what this partition certificate error is.

Asked 2 years ago, viewed 562 times
1 answer
0

Hi,

Thank you for contacting us!

This error message implies that the signing certificate (CustomerCA.crt file) is missing from the expected path C:\ProgramData\Amazon\CloudHSM\customerCA.crt.

More information on the signing certificate and how it can be used to initialize the cluster is outlined in the following documentation:

Please follow the guidelines in this documentation to create the certificate file, if it does not already exist.

Feel free to reach back with any further questions or concerns.

AWS
Support Engineer
Answered 2 years ago
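
A check for the condition the answer describes, as an added example that is not part of the original post or AWS's own tooling: it looks for the certificate at the path named in the error output, confirms the file parses as an X.509 certificate, and copies it from the install directory shown in the question's listing if it is missing. The function name `Get-CaCertInfo` is hypothetical, and treating the `CustomerCA.crt` in `C:\Program Files\Amazon\CloudHSM` as the correct trust anchor is an assumption.

```powershell
# Added example: verify the CA certificate is where cloudhsm_mgmt_util looks for it.
# Both paths are taken from the error output and the directory listing in the question.
$expected = 'C:\ProgramData\Amazon\CloudHSM\customerCA.crt'
$found    = 'C:\Program Files\Amazon\CloudHSM\CustomerCA.crt'

# Hypothetical helper: returns $null if the file is absent, otherwise its key fields.
function Get-CaCertInfo {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    } catch {
        throw "File exists but is not a parseable X.509 certificate: $Path"
    }
    [pscustomobject]@{
        Path       = $Path
        Subject    = $cert.Subject
        SelfIssued = ($cert.Subject -eq $cert.Issuer)   # expected for a self-signed root
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        Thumbprint = $cert.Thumbprint
    }
}

$info = Get-CaCertInfo -Path $expected
if (-not $info) {
    # Assumption: the copy in the install directory is the CA that signed the cluster CSR.
    $source = Get-CaCertInfo -Path $found
    if (-not $source) { throw "No certificate at $expected or $found" }
    if ($source.Expired) { throw "Certificate at $found expired on $($source.NotAfter)" }
    # Copy only after the file has parsed as a certificate.
    Copy-Item -LiteralPath $found -Destination $expected
    $info = Get-CaCertInfo -Path $expected
}

# Compare the thumbprint with the CA certificate used when the cluster was initialized.
$info | Format-List
```

Writing to `C:\ProgramData\Amazon\CloudHSM` may require an elevated PowerShell session.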
