How to recover a broken HSM connection

If the connection between Trust Protection Platform and your HSM is broken or corrupted, use the following steps to reconnect or reconfigure the connection between the two.

You can do this either in the Venafi Configuration Console or using the command line.

To reconfigure the connection between Trust Protection Platform and an HSM using Venafi Configuration Console

  1. On the Venafi server, open the Venafi Configuration Console.

    When the console loads, it will display an error message, saying the connection to the HSM failed to initialize.

    IMPORTANT  When the console opens, only use the console to reconnect the HSM. Do not attempt to use the console to perform other functions until the connection to the HSM has been restored.

  2. Complete the steps to create an HSM connector. For more information, see Creating a HSM connector.

To reconfigure the connection between Trust Protection Platform and an HSM using the command line

  1. On the Venafi server, open a command prompt and browse to the Venafi\Platform directory.

    If you installed Trust Protection Platform in the default directory, you would browse to the following location:

    c:\Program Files\Venafi\Platform

  2. Run the configuration utility (TppConfiguration.exe) with the -hsmpin switch. For example:

    TppConfiguration.exe -hsmpin:<pin>

    NOTE  If you don't include the PIN, the system will prompt you for the PIN in the next step.

    IMPORTANT  The command line process does not validate the HSM PIN or database connection string. If you provide invalid data, you will not get a warning message. If you want to validate the data, use the Venafi Configuration Console interface, which does validate both the HSM PIN and the database connection string.

    NOTE  This utility is not designed to move your Venafi server from one database to another. It is intended only for changing credentials and scripting credential changes.

  3. Restart the Venafi Windows services.
  4. Restart the Venafi IIS Application Pools, or perform an IIS Reset.
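
The command-line steps above can be run as one PowerShell script. This is an added example, not Venafi's own code. It runs the utility with the -hsmpin switch and no value, so the PIN is prompted for rather than placed in the process command line or shell history. Assumptions: the default install directory, a bare -hsmpin being what triggers the prompt, a nonzero exit code meaning the utility failed to run, and Venafi service display names beginning with "Venafi".

```powershell
# Added example: steps 1-4 of the command-line procedure as one script.
# Run on the Venafi server from an elevated PowerShell session.
$ErrorActionPreference = 'Stop'

# Assumption: default install directory from step 1; change it if yours differs.
$PlatformDir = 'C:\Program Files\Venafi\Platform'
# Assumption: the Venafi Windows services have display names starting with "Venafi".
$ServiceFilter = 'Venafi*'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated session.'
}

$exe = Join-Path $PlatformDir 'TppConfiguration.exe'
if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "TppConfiguration.exe not found in $PlatformDir"
}

# Step 2: pass -hsmpin with no value so the utility prompts for the PIN.
Push-Location $PlatformDir
try {
    & $exe -hsmpin
    # Assumption: a nonzero exit code means the utility itself failed to run.
    if ($LASTEXITCODE -ne 0) { throw "TppConfiguration.exe exited with code $LASTEXITCODE" }
} finally {
    Pop-Location
}
# The utility does not validate the PIN, so reaching this point only means it ran.

# Step 3: restart the Venafi Windows services (skipping disabled ones).
$services = @(Get-Service -DisplayName $ServiceFilter -ErrorAction SilentlyContinue |
    Where-Object StartType -ne 'Disabled')
if ($services.Count -eq 0) { throw "No services match display name '$ServiceFilter'." }
$services | Restart-Service -Force

# Confirm every restarted service came back; a bad PIN may surface here.
$notRunning = @($services | ForEach-Object { Get-Service -Name $_.Name } |
    Where-Object Status -ne 'Running')
if ($notRunning.Count -gt 0) {
    throw "Not running after restart: $($notRunning.Name -join ', ')"
}

# Step 4: reset IIS so the Venafi application pools pick up the new connection.
& iisreset.exe
if ($LASTEXITCODE -ne 0) { throw "iisreset exited with code $LASTEXITCODE" }
Write-Host 'Services and IIS restarted. Validate the PIN in Venafi Configuration Console.'
```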

For more information on using the command line to perform actions in Trust Protection Platform, see Configure the platform using a script through the command line.