本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# 安裝和設定 KMU (Linux) 的 AWS CloudHSM 用戶端
<a name="kmu-install-and-configure-client-linux"></a>

若要使用 key\$1mgmt\$1util (KMU) 與 AWS CloudHSM 叢集中的硬體安全模組 (HSM) 互動，您需要 Linux 的 AWS CloudHSM 用戶端軟體。應該將此軟體安裝到您先前建立的 Linux EC2 用戶端執行個體。如果是使用 Windows，您也可以安裝用戶端。如需詳細資訊，請參閱[安裝和設定 KMU 的 AWS CloudHSM 用戶端 (Windows)](kmu-install-and-configure-client-win.md)。

**Topics**
+ [步驟 1. 安裝 AWS CloudHSM 用戶端和命令列工具](#kmu-install-client)
+ [步驟 2. 編輯用戶端組態](#kmu-edit-client-configuration)

## 步驟 1. 安裝 AWS CloudHSM 用戶端和命令列工具
<a name="kmu-install-client"></a>

連接至您的用戶端執行個體並執行下列命令，以下載並安裝 AWS CloudHSM 用戶端和命令列工具。

------
#### [ Amazon Linux ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-latest.el6.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el6.x86_64.rpm
```

------
#### [ Amazon Linux 2 ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ CentOS 7 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ CentOS 8 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm
```

------
#### [ RHEL 7 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ RHEL 8 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
```

```
sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm
```

------
#### [ Ubuntu 16.04 LTS ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client_latest_amd64.deb
```

```
sudo apt install ./cloudhsm-client_latest_amd64.deb
```

------
#### [ Ubuntu 18.04 LTS ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client_latest_u18.04_amd64.deb
```

```
sudo apt install ./cloudhsm-client_latest_u18.04_amd64.deb
```

------

## 步驟 2. 編輯用戶端組態
<a name="kmu-edit-client-configuration"></a>

您必須先編輯 AWS CloudHSM 用戶端組態，才能使用用戶端連線至叢集。

**編輯用戶端組態**

1. 將您的發行憑證 ([您使用此憑證來簽署叢集憑證](initialize-cluster.md#sign-csr)) 複製到用戶端執行個體上的這個位置：`/opt/cloudhsm/etc/customerCA.crt`。您的用戶端執行個體上需要有執行個體根使用者許可，才能將憑證複製到此位置。

1. 使用下列 [configure](configure-tool.md) 命令來更新 AWS CloudHSM 用戶端和命令列工具的組態檔案，並在叢集中指定 HSM 的 IP 地址。若要取得 HSM 的 IP 地址，請在 [AWS CloudHSM 主控台](https://console.aws.amazon.com/cloudhsm/)中檢視您的叢集，或執行 **[describe-clusters](https://docs.aws.amazon.com/cli/latest/reference/cloudhsmv2/describe-clusters.html)** AWS CLI 命令。在命令輸出中，HSM 的 IP 地址是 `EniIp` 欄位的值。如果您有多個 HSM，請選擇任何 HSM 的 IP 地址；任何一個都可以。

   ```
   sudo /opt/cloudhsm/bin/configure -a <IP address>
   	
   Updating server config in /opt/cloudhsm/etc/cloudhsm_client.cfg
   Updating server config in /opt/cloudhsm/etc/cloudhsm_mgmt_util.cfg
   ```

1. 前往 [在 中啟用叢集 AWS CloudHSM](activate-cluster.md)。