To configure the Gemalto Safenet HSM Luna SA 5.4 client on a issuing CA:

first read the Configuration Guide and go to the chapter 7:

create and exchange certificates from Windows systems, to configure a Network Trust Link with your Luna SA appliance:

a) register the HSM certificate (server) with the Windows client

c:\program files\safenet\lunaclient\

vtl addServer -n hsmnetname.mydomain.local -c hsmcert.pem

b) create a Windows client certificate

c:\program files\safenet\lunaclient\

vtl createCert -n issuingCAname

the client certificate is installed under c:\program files\safenet\lunaclient\cert\client directory

c) send the client certificate to the HSM device manager:

pscp “c:\Program Files\SafeNet\LunaClient\cert\client\issuingCAname.pem”
You must scp to the admin account on the HSM appliance, or the client certificate will not register

d) register the client certificate to an HSM server:

lunash:> client register -client issuingCAname -hostname issuingCAname
e) assign a client to an HSM partition:
lunash:> client assignPartition client issuingCAname -partition myPartition1
f) verify the configuration:
c:\program files\safenet\lunaclient\
vtl verify
 d) to create a HA group on the client;
first the client and server must be configured, and a common HSM partition password must set on the two HSM devices
then configure the HA on the client using the commands:
vtl haAdmin show

vtl haadmin newgroup -label HAGROUP -serial <partition’s serial number> -password <password’s partition>

vtl haadmin addMember -group HAGROUP -serial <partition’s serial number> -password <password’s partition>

vtl haadmin show