MX <--> Server General Port Information

Note: This info obviously does not apply for desktop printers. According to the desktop printer
solution, needs may vary (for instance, CDI accesses port 1500 on the server for the EMV stack in
many configurations while Card Wizard has a number of potential configurations).

Regarding HSM configuration, here is a detailed step-by-step breakdown

1) Unbox the HSM. If it is an external SafeNet/Gemalto appliance device, make sure never
to lose the key in the shipping container that fits into the “Tamper” slot. However, the
HSM should NOT be set to tamper, except when wiping keys or receiving specific
instruction to do so. All other software and Chip reader in the box should not be
needed for the purpose of installation.
2) Physically rack, connecting a monitor and keyboard (mouse optional). Connect an
ACTIVE Ethernet network cable to Eth 0 port (first Ethernet NIC port)
3) Power on to boot up HSM. The default user is root and the default password is
password for purpose of login.
4) Once logged in, the following sequence of commands can be taken at the prompt.
Please type them exactly, including spaces:

--to set IP address

cd /etc/sysconfig/network-scripts
vi ifcfg-eth0
·1 Hit the ‘I’ key to enter Insert mode
·2 Modify the IPADDR and NETMASK values to be proper static value for HSM device
·3 Hit the ‘Esc’ key to exit Insert mode
·4 Type ‘:wq’ (without the ticks/quotes) and press enter to save file. Note: Typing ‘:q!’
lets you exit without saving if you make a mistake.

--to verify results were saved

cat /etc/sysconfig/network-scripts/ifcfg-eth0

--to set HOSTNAME and default GATEWAY

cd /etc/sysconfig
vi network
·5 Hit the ‘I’ key to enter Insert mode
·6 Modify/add the HOSTNAME and GATEWAY values to be proper static value for HSM
device. Your HSM may not need a gateway if the server is on the same subnet.
·7 Hit the ‘Esc’ key to exit Insert mode
·8 Type ‘:wq’ (without the ticks/quotes) and press enter to save file. Note: Typing ‘:q!’
lets you exit without saving if you make a mistake.

--to verify results were saved

cat /etc/sysconfig/network

--to enable remote HSM reset

echo ET_HSM_NETSERVER_ALLOW_RESET=Always > /etc/default/et_hsm
--to verify file was created
cat /etc/default/et_hsm

--to reboot HSM

reboot

--login as root again

--to validate IP Configuration. Make sure IP returned from this command is correct.
ifconfig

--to logout but leave HSM running

exit

--note: Windows server using this HSM will generally need system environment variable
ET_HSM_NETCLIENT_HEARTBEAT=ON
--note: If this is a “PS2” HSM and is on a different network segment than the server,
follow the instructions for modifying the GRUB configuration that are in
Gemalto/SafeNet "PSE_Grub_Configuration" document.