In an HSM cluster, if an HSM server loses network connectivity while Address Manager is joining the Security World, or while you are adding an HSM-enabled DNS Server to Address Manager, the HSM server port and IP address will be discarded. Neither Address Manager nor the HSM-enabled DNS Server will attempt to connect to the HSM server once network connectivity is restored.
Verifying HSM connectivity
- Log in to Address Manager/DNS Server via SSH.
- Run the following command:
hsm-status.sh
If the HSM is connected properly, Address Manager should return ‘connection status OK’ for each HSM server. Ensure that the number of connection status messages matches the number of HSM servers you configured in the Address Manager user interface.
If you still don't receive output, the HSM server is disconnected. Contact your network administrator to assist in re-connecting the HSM server to the network. Once the HSM server has been re-connected, return to the Address Manager interface to re-add the HSM server.
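The count comparison described above can be scripted for routine monitoring. This is an added example, not part of the product documentation; the one-message-per-line layout and the sample lines are assumptions constructed for illustration, since only the phrase 'connection status OK' is given here.

```shell
#!/bin/sh
# Added example: compare the number of 'connection status OK' messages with
# the number of HSM servers configured in the Address Manager user interface.
# Assumption: each connected HSM server yields one line containing that phrase.

# check_hsm_status EXPECTED   (status output is read from stdin)
# Returns 0 = all connected, 1 = count mismatch, 2 = no output or bad argument.
check_hsm_status() {
    expected=$1
    case $expected in
        ''|*[!0-9]*)
            echo "usage: check_hsm_status <expected-count>" >&2
            return 2 ;;
    esac
    report=$(cat)
    if [ -z "$report" ]; then
        echo "CRITICAL: no status output; HSM server disconnected"
        return 2
    fi
    # grep -c exits 1 on zero matches but still prints 0, hence '|| true'.
    ok=$(printf '%s\n' "$report" | grep -c -F 'connection status OK' || true)
    if [ "$ok" -eq "$expected" ]; then
        echo "OK: $ok of $expected HSM servers report connection status OK"
        return 0
    fi
    echo "WARNING: $ok of $expected HSM servers report connection status OK"
    return 1
}

# Constructed sample output (layout assumed, not taken from a real appliance).
SAMPLE_ALL_OK='hsm 1: connection status OK
hsm 2: connection status OK'
SAMPLE_ONE_LOST='hsm 1: connection status OK'

# Demonstration with the constructed samples, two HSM servers configured.
printf '%s\n' "$SAMPLE_ALL_OK" | check_hsm_status 2
printf '%s\n' "$SAMPLE_ONE_LOST" | check_hsm_status 2 || echo "exit code $?"

# On the appliance itself, the real status output would be piped in:
#   hsm-status.sh | check_hsm_status 2
```

A non-zero exit code is the signal to follow the re-add procedure below once the HSM server is back on the network.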
Re-adding HSM servers to the Security World
With the HSM server re-connected to your network, you must first re-add the HSM server to the Security World, and then re-add it to each HSM-enabled DNS Server.
To re-add the HSM server to the Security World:
1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
2. Under General, click HSM Configurations.
3. Under Security World Configuration, click Update Security World for Address Manager.
4. Under General, select the previously disconnected HSM server from the list and click Remove. HSM servers can only be removed one at a time. Repeat step 4 to remove multiple HSM servers.
5. Click Update.
Address Manager returns you to the HSM configuration information page. Next, you must re-add the HSM servers.
6. Under Security World Configuration, click Update Security World for Address Manager.
7. Under General, select an HSM server from the HSM Servers drop-down menu and click Add. HSM servers can only be added one at a time. Repeat step 7 to add multiple HSM servers.
8. Click Update.
Re-adding HSM servers to HSM-enabled DNS servers
After re-adding the HSM server to the Security World, you must re-add the HSM server for each HSM-enabled DNS Server in your HSM configuration.
To re-add the HSM server to managed HSM-enabled DNS Servers: