Checking HSM Configuration

Before configuring EzSign with an HSM it is worth performing a quick check that everything is working as expected and all libraries and passwords are correct

The steps below outline some steps that can be taken to verify everything is ready to go


HSM Status

The nCipher HSMs provide several commands for verifying the setup is correct

These utilties are normally located at (On UNIX)



Or on windows:

    C:\Program Files (x86)\nCipher\nfast\bin


First run the enquiry command e.g. On Unix from a shell run:



On Windows, from a Command Prompt, run:



The output will be split into several sections:



    Module #1:


And if there is more than one module configured you will also see headings for these, e.g.:

  Module #2:




The key things to note are that each of the module entries are showing:

  mode      operational


If there are no entries beneath the Server heading, first try starting the hardserver.  On Unix:

    /opt/nfast/sbin/init.d-ncipher start


On Windows, start the nFast Server service


HSM Test Tool

If all looks OK, download the Krestfield HSM Test tool from here:


Run the tool as follows:

From a UNIX shell:

    > ./

From a Windows Command Prompt:



    > Krestfield HSM Test Tool


    Enter PKCS#11 library path > /opt/nfast/toolkits/pkcs11/    <-- Enter the full path to the PKCS#11 library


    PKCS#11 Token: Loading the PKCS#11 library: /opt/nfast/toolkits/pkcs11/

    PKCS#11 Token: Loaded PKCS#11 Driver /opt/nfast/toolkits/pkcs11/ OK

    HSM Driver loaded OK


    There are 2 slots:


    Slot: 0


      manufacturerID: nCipher Corp. Ltd              


      hardwareVersion: 0.00

      firmwareVersion: 0.00


    Slot: 1

      slotDescription: SFHSMTTOCS                                                     

      manufacturerID: nCipher Corp. Ltd              


      hardwareVersion: 0.00

      firmwareVersion: 0.00


    Select Slot > 1 <-- Enter the slot number - normally 1 if an operatore card set is in use


    PKCS#11 Token: Opening session...

    PKCS#11 Token: Opened session for slot 1 OK

    HSM Session Opened OK.  Session ID: 2251


    Enter HSM OCS Passphrase > <-- Enter the operator cardset password and press enter


    PKCS#11 Token: Password provided, attempting logon...

    PKCS#11 Token: Logged on to Token


    Logged in OK.  Configuration is good


This tool performs the same operations to connect to the HSM as EzSign.  Therefore, if you see this success message, translating the values entered above into the following properties: 

    channel.1.tokenType=This must be set to PKCS11
    channel.1.token.password=Set this as the operator password (as entered above) via the Management Utility
    channel.1.token.pkcs11.library=Set this to be the same path as entered above
    channel.1.token.pkcs11.slot=Set this to be the same number slot as entered above



Should result in a successfull HSM setup

Contact Us

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Call: 020 8938 3616

Krestfield Limited, International House, 24 Holborn Viaduct, London, EC1A 2BN

Sales & Support

Should you need any help with any of Krestfield's products, or wish to make any suggestions, please contact us.



Latest News


Version 2.1.0 released


Version 4.1.2 released


Our Mission

To create secure, highly available, easy to use products that are priced fairly

Please publish modules in offcanvas position.