Jun 23, 2016

1) For any changes to the HSM-related configuration in an existing setup, such as adding or removing an HSM, or creating a high availability setup, you must copy “/etc/Chrystoki.conf” to “/var/safenet/config”.

2) After adding, removing, or restarting an HSM, you must restart the “/var/safenet/gateway/safenet_gw” binary. If you don’t restart the gateway binary, the HSM will not serve any traffic after it is added back or after it restarts.

3) To restart or stop the current “/var/safenet/gateway/safenet_gw” binary, use one of the following:

  • kill -SIGTERM <PID>
  • kill -SIGINT <PID>

Important! Do not use “kill -9 <PID>” or “kill -6 <PID>”.

4) Before removing an existing HSM from the ADC, remove, from the ADC, all the keys and certificate-key pairs that are associated with that HSM. You cannot delete these files from the ADC after you remove the HSM.

5) On a standalone NetScaler appliance, SafeNet HSMs in HA are not supported.

6) EXPORT and DH (ECDHE, DHE, EDH) ciphers are not supported.

7) The update certificate-key pair operation is not supported.

8) When you generate an HSM key on a third-party tool, the private and public key names must be the same. When you add the HSM key on the appliance, provide this name as the key name.

9) The # character is not supported in a key name.

10) Cluster and admin partitions are not supported.
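
The following sketch ties notes 1 to 3 together: publish the edited configuration, locate the gateway process, and stop it with SIGTERM only. It is an added example, not part of the original notes or the vendor's tooling; the function names, the 30-second timeout, and the use of pgrep are assumptions, and how the gateway is started again is left to your deployment.

```shell
#!/bin/sh
# Added example. Paths come from the notes above; everything else is an assumption.
HSM_CONF_SRC="${HSM_CONF_SRC:-/etc/Chrystoki.conf}"
HSM_CONF_DST="${HSM_CONF_DST:-/var/safenet/config}"
GATEWAY_BIN="${GATEWAY_BIN:-/var/safenet/gateway/safenet_gw}"

# Note 1: copy the client configuration into the gateway's config directory
# and confirm the copy is byte-identical to the source.
sync_hsm_config() {
    [ -r "$HSM_CONF_SRC" ] || { echo "cannot read $HSM_CONF_SRC" >&2; return 1; }
    cp "$HSM_CONF_SRC" "$HSM_CONF_DST"/ || return 1
    cmp -s "$HSM_CONF_SRC" "$HSM_CONF_DST/$(basename "$HSM_CONF_SRC")"
}

# Note 2: find the running gateway by its full command line (assumes pgrep is available).
find_gateway_pid() {
    pgrep -f "$GATEWAY_BIN" | head -n 1
}

# Note 3: stop a process with SIGTERM and wait for it to exit.
# Never escalates to "kill -9" or "kill -6"; on timeout it reports and leaves
# the decision to the operator.
# Returns 0 once the PID is gone, 1 if the signal could not be sent, 2 on timeout.
stop_gracefully() {
    pid="$1"; timeout="${2:-30}"
    kill -TERM "$pid" 2>/dev/null || return 1
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        [ "$waited" -ge "$timeout" ] && return 2
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Typical sequence after an HSM is added, removed, or restarted:
#   sync_hsm_config && stop_gracefully "$(find_gateway_pid)"
#   ...then start the gateway again using your deployment's start procedure.
```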