Skip to content

Commit 15d62c8

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #2237 from msmbaldwin/phsm-misc
update
2 parents 9988b9c + 0aae37a commit 15d62c8

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

articles/payment-hsm/known-issues.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,12 +44,12 @@ For more information and a workaround, see [Thales support portal KB0028943](htt
4444

4545
## TLS certificates aren't removed during HSM release
4646

47-
When you execute the RELEASE function from the payShield Manager to fully zeroize the payShield Cloud HSM to factory state, the process removes all HSM settings except for loaded TLS certificates. This bug was addressed in payShield HSM base release version 2.1a 2100 0000 (1.15.0) and later. For more information, see [Thales support portal KB0030122](https://supportportal.thalesgroup.com/csm?sys_kb_id=cce73e702b39ba14cdc1f87df291bfcc&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=2d58b23c3bf1ba10381ecfaf55e45abe&sysparm_article=KB0030122) (sign-in required).
47+
In payShield HSM firmware versions earlier than 2.1a (1.15.0), executing the RELEASE function from payShield Manager to fully zeroize the payShield Cloud HSM to factory state removes all HSM settings except loaded TLS certificates. For more information, see [Thales support portal KB0030122](https://supportportal.thalesgroup.com/csm?sys_kb_id=cce73e702b39ba14cdc1f87df291bfcc&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=2d58b23c3bf1ba10381ecfaf55e45abe&sysparm_article=KB0030122) (sign-in required).
4848

4949
> [!NOTE]
5050
> The residual TLS certificates after the RELEASE/RECLAIM operation are public certificates and pose no security risk.
5151
52-
**Resolution**: Thales fixed this bug in payShield HSM firmware version 2.1a 2100 0000 (1.15.0) and later.
52+
**Resolution**: Thales fixed this issue in payShield HSM firmware version 2.1a (1.15.0) and later. For devices where certificates aren't manually removed before release, an automated mitigation cleans residual certificates as part of the payment HSM resource deletion process.
5353

5454
**Recommended actions**:
5555
- For firmware versions earlier than 2.1a (1.15.0), run the `SV` command on the virtual console to view certificates, and then use the `SD` command to delete any remaining certificate data.

0 commit comments

Comments
 (0)