Troubleshooting

Troubleshooting the Securosys Docker Image Signing Plugin

Testing Plugin connectivity

Use this command to see if the connection by the plugin to the Securosys CloudHSM / Primus HSM via TSB can be established and to obtain statistic, with sample output:

./notation-securosys check-connection 

HSM Connectivity

NOTE

When utilizing CloudHSM service, refer to Cloud Connectivity Details for accurate API-Endpoint URI. For on-premise deployments, verify API-Endpoint URI with your administrator. Contact your service administrator for authentication credentials in any setup (on-prem or cloud).

Testing TSB connectivity

Connectivity to the TSB can be tested using the curl command below or via swaggerUI. This test does not verify the connectiviity with the HSM infrastrustructure. Adapt <TSB_APIendpoint>, <yourBearerToken> for your environment:

curl -X
    'GET' '<TSB_APIendpoint>/v1/versionInfo' \   
    -H 'accept: application/json' \
    -H 'Authorization: Bearer <yourBearerToken>'

Testing complete communication path

Connectivity through the TSB to the HSM infrastructure can be tested using the curl command below or via swaggerUI. Adapt <TSB_APIendpoint>, <yourBearerToken> for your environment:

curl -X
    'GET' '<TSB_APIendpoint>/v1/licenseInfo' \   
    -H 'accept: application/json' \
    -H 'Authorization: Bearer <yourBearerToken>'

Troubleshooting Primus HSM

Additional information can be obtained by reviewing the HSM logs.

• To review the HSM logs of your on-premises Primus HSM please refer to the Securosys Primus HSM User Guide chapter 4.7.

More Troubleshooting

Further troubleshooting can be done via the Notation, or by reviewing the HSM logs.

• To review the HSM logs of your on-premises Primus HSM please refer to Securosys Primus HSM User Guide,

• To view how to troubleshoot Notation please visit: Notary Notation Troubleshooting.