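To interact with the HSMs in your AWS CloudHSM cluster, you need the AWS CloudHSM client software for Linux. Install it on the Linux EC2 client instance that you created previously. If you use Windows, you can also install a client. For more information, see Install and configure the AWS CloudHSM client.
Install the AWS CloudHSM client and command line tools
Connect to your client instance and run the following commands to download and install the AWS CloudHSM client and command line tools.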
- Amazon Linux
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-latest.el6.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el6.x86_64.rpm
- Amazon Linux 2
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
- CentOS 7
    sudo yum install wget
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
- CentOS 8
    sudo yum install wget
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm
- RHEL 7
    sudo yum install wget
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
- RHEL 8
    sudo yum install wget
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
    sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm
- Ubuntu 16.04 LTS
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client_latest_amd64.deb
    sudo apt install ./cloudhsm-client_latest_amd64.deb
- Ubuntu 18.04 LTS
    wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client_latest_u18.04_amd64.deb
    sudo apt install ./cloudhsm-client_latest_u18.04_amd64.deb
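Edit the client configuration
Before you can use the AWS CloudHSM client to connect to your cluster, you must edit the client configuration.
To edit the client configuration
- Copy your issuing certificate (the one that you used to sign the cluster's certificate) to the following location on the client instance: /opt/cloudhsm/etc/customerCA.crt. You need instance root user permissions on the client instance to copy your certificate to this location.
- Use the following configure command to update the configuration files for the AWS CloudHSM client and command line tools, specifying the IP address of the HSM in your cluster. To get the HSM's IP address, view your cluster in the AWS CloudHSM console, or run the describe-clusters AWS CLI command. In the command's output, the HSM's IP address is the value of the EniIp field. If you have more than one HSM, choose the IP address of any of them; it doesn't matter which one.
    sudo /opt/cloudhsm/bin/configure -a <IP address>
    Updating server config in /opt/cloudhsm/etc/cloudhsm_client.cfg
    Updating server config in /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
- Go to Activate the cluster.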
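
A preflight check for the two configuration steps above, as an added example that is not part of the AWS documentation or the CloudHSM tools: it validates the HSM address taken from the describe-clusters output, checks that the trust-anchor file is a PEM certificate that group and other users cannot write to, and prints the configure command for review. The function names are hypothetical, and the `--query` expression in the comment assumes the `Clusters[].Hsms[].EniIp` layout of the describe-clusters output.

```sh
#!/bin/sh
# Added example: preflight checks before running /opt/cloudhsm/bin/configure.
# Function names are hypothetical; they are not part of the CloudHSM tools.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Read whitespace-separated EniIp values on stdin (the shape produced by
#   aws cloudhsmv2 describe-clusters --query 'Clusters[].Hsms[].EniIp' --output text
# ) and print the first well-formed one. "grep ." makes the function fail
# when nothing was printed.
first_hsm_ip() {
  tr -s '[:space:]' '\n' | while IFS= read -r candidate || [ -n "$candidate" ]; do
    if is_ipv4 "$candidate"; then printf '%s\n' "$candidate"; break; fi
  done | grep .
}

# customerCA.crt is the client's trust anchor: require a non-empty PEM
# certificate file that group and other users cannot write to.
check_ca_file() {
  path=${1:-/opt/cloudhsm/etc/customerCA.crt}
  [ -s "$path" ] || { echo "missing or empty: $path" >&2; return 1; }
  grep -q -e '-----BEGIN CERTIFICATE-----' "$path" ||
    { echo "no PEM certificate in: $path" >&2; return 1; }
  if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
    echo "group- or world-writable: $path" >&2; return 1
  fi
}

# Run both checks (EniIp values on stdin, optional CA path as $1) and print
# the configure command for review instead of executing it.
preflight() {
  ca_path=${1:-}
  hsm_ip=$(first_hsm_ip) || { echo "no valid EniIp on stdin" >&2; return 1; }
  check_ca_file "$ca_path" || return 1
  printf 'sudo /opt/cloudhsm/bin/configure -a %s\n' "$hsm_ip"
}
```

On the client instance, pipe the text output of describe-clusters into `preflight`; with no argument it checks /opt/cloudhsm/etc/customerCA.crt.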