Chapter 2: DSM V6100 Hardware Appliance
Configuring a V6100 Appliance
DSM Installation and Configuration Guide
Copyright 2009 - 2020 Thales Group. All rights reserved.
35
Generating the CA and the ACS
1. From your laptop or PC, open a DSM CLI session and log in using the CLI Administrator credentials you set here,
"Configuration tasks" on page 27
.
2. Start the client software on the laptop or PC.
3. Generate a new certificate authority for the DSM and create the ACS. At the prompt, type:
0012:system$ security genca
4. A warning message is displayed informing you that all agent and peer node certificates will need to be resigned
after the new certificate authority is created and that the DSM software will be restarted, type ‘yes’ to generate
the certificate.
WARNING: All Agents and Peer node certificates will need to be re-signed after CA and
server certificate regenerated, and the security server software will be restarted
automatically!
Continue? (yes|no)[no]:yes
5. The following message is displayed. Read it, enter the required information to generate the CA, and ensure the
DSM host name is correct, press enter:
This computer may have multiple IP addresses. All the agents will have to connect to
Security Server using same IP.
Enter the host name of this computer. This will be used by Agents to talk to this Security
Server.
This Security Server host name[<hostname>.com]:
Please enter the following information for key and certificate generation.
What is the name of your organizational unit? []:Engineering
What is the name of your organization? []:Vormetric, Inc.
What is the name of your City or Locality? []:San Jose
What is the name of your State or Province? []:California
What is your two-letter country code? [US]:
What is your email address? []:
What is the validity period of the generated certificate (from 2 to 10 years)? [10]:
Regenerating the CA and server certificates now...
6. You will now create your ACS.
CAUTION
Do not set the number of cards to use in the ACS to more than the number of cards in
your possession. See
for details.
7. You will be prompted to enter the total number of cards to use in the ACS, (N), and the minimum number of cards
required to perform an administrative task (K).
Enter the total number of cards (N) you would like to use in your Administrator Card Set
(ACS).
Note: To create a Security World that meets the requirements of Common Criteria this value
should be at least 3.
This value must be at least 2 and no higher than 64: 2
Enter the number of cards (K) required to authorize an action. This number K is known as
the quorum.
Note 1: The value for K must be less than N. Creating card sets in which K is equal to N is
not allowed because an error on one card would render the whole card set unusable.
Note 2: To create a Security World that meets the requirements of Common Criteria this
