本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 在 Linux 上升级 AWS CloudHSM 客户端 SDK 3
<a name="client-upgrade"></a>

****  
 SDK 版本 5.8.0 和更早版本已达到其终止支持时间。2025 年 3 月 31 日之后，SDK 版本 3.4.4 和更早版本的文档将不再可用。

在 AWS CloudHSM Client SDK 3.1 及更高版本中，客户端守护程序的版本和您安装的任何组件都必须匹配才能升级。对于所有基于 Linux 的系统，必须使用单个命令、通过相同版本的 PKCS \#11 库、Java 加密扩展 (JCE) 提供程序或 OpenSSL 动态引擎，批量升级客户端进程守护程序。此要求不适用于基于 Windows 的系统，因为客户端进程守护程序包已包含 CNG 和 KSP 提供程序库的二进制文件。

## 检查客户端进程守护程序版本
<a name="check-client-version"></a>
+ 在基于 Red Hat 的 Linux 系统（包括 Amazon Linux 和 CentOS），使用以下命令：

  ```
  rpm -qa | grep ^cloudhsm
  ```
+ 在基于 Debian 的 Linux 系统上，使用以下命令：

  ```
  apt list --installed | grep ^cloudhsm
  ```
+ 在 Windows 系统上，使用以下命令：

  ```
  wmic product get name,version
  ```

**Topics**
+ [先决条件](#client-upgrade-prerequisites)
+ [步骤 1：停止客户端进程守护程序](#client-stop)
+ [第 2 步：升级客户端软件开发工具包](#upgrade-commands)
+ [步骤 3：启动客户端进程守护程序](#client-start)

## 先决条件
<a name="client-upgrade-prerequisites"></a>

下载最新版本的 AWS CloudHSM 客户端守护程序并选择您的组件。

**注意**  
您无需安装所有的组件。对于已安装的每个组件，必须升级该组件来匹配客户端进程守护程序的版本。

### 最新的 Linux 客户端进程守护程序
<a name="download-client"></a>

------
#### [ Amazon Linux ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-latest.el6.x86_64.rpm
```

------
#### [ Amazon Linux 2 ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ CentOS 7 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ CentOS 8 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
```

------
#### [ RHEL 7 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
```

------
#### [ RHEL 8 ]

```
sudo yum install wget
```

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
```

------
#### [ Ubuntu 16.04 LTS ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client_latest_amd64.deb
```

------
#### [ Ubuntu 18.04 LTS ]

```
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client_latest_u18.04_amd64.deb
```

------

### 最新的 PKCS \#11 库
<a name="download-pkcs11"></a>

------
#### [ Amazon Linux ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-pkcs11-latest.el6.x86_64.rpm
```

------
#### [ Amazon Linux 2 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
```

------
#### [ CentOS 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
```

------
#### [ CentOS 8 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm
```

------
#### [ RHEL 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
```

------
#### [ RHEL 8 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-pkcs11_latest_amd64.deb
```

------
#### [ Ubuntu 18.04 LTS ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-pkcs11_latest_u18.04_amd64.deb
```

------

### 最新的 OpenSSL 动态引擎
<a name="download-openssl"></a>

------
#### [ Amazon Linux ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-dyn-latest.el6.x86_64.rpm
```

------
#### [ Amazon Linux 2 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
```

------
#### [ CentOS 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
```

------
#### [ RHEL 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-dyn_latest_amd64.deb
```

------

### 最新的 JCE 提供程序
<a name="download-java"></a>

------
#### [ Amazon Linux ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-jce-latest.el6.x86_64.rpm
```

------
#### [ Amazon Linux 2 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
```

------
#### [ CentOS 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
```

------
#### [ CentOS 8 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm
```

------
#### [ RHEL 7 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
```

------
#### [ RHEL 8 ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-jce_latest_amd64.deb
```

------
#### [ Ubuntu 18.04 LTS ]

```
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-jce_latest_u18.04_amd64.deb
```

------

## 步骤 1：停止客户端进程守护程序
<a name="client-stop"></a>

使用以下命令停止客户端进程守护程序。

------
#### [ Amazon Linux ]

```
$ sudo stop cloudhsm-client
```

------
#### [ Amazon Linux 2 ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ CentOS 7 ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ CentOS 8 ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ RHEL 7 ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ RHEL 8 ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ sudo service cloudhsm-client stop
```

------
#### [ Ubuntu 18.04 LTS ]

```
$ sudo service cloudhsm-client stop
```

------

## 第 2 步：升级客户端软件开发工具包
<a name="upgrade-commands"></a>

以下命令显示了升级客户端进程守护程序和组件所需的语法。在运行此命令之前，请删除所有您不打算升级的组件。

------
#### [ Amazon Linux ]

```
$ sudo yum install ./cloudhsm-client-latest.el6.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el6.x86_64.rpm>}} \
              {{<./cloudhsm-client-dyn-latest.el6.x86_64.rpm>}} \
              {{<./cloudhsm-client-jce-latest.el6.x86_64.rpm>}}
```

------
#### [ Amazon Linux 2 ]

```
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-jce-latest.el7.x86_64.rpm>}}
```

------
#### [ CentOS 7 ]

```
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-jce-latest.el7.x86_64.rpm>}}
```

------
#### [ CentOS 8 ]

```
$ sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm>}} \              
              {{<./cloudhsm-client-jce-latest.el8.x86_64.rpm>}}
```

------
#### [ RHEL 7 ]

```
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-dyn-latest.el7.x86_64.rpm>}} \
              {{<./cloudhsm-client-jce-latest.el7.x86_64.rpm>}}
```

------
#### [ RHEL 8 ]

```
$ sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \
              {{<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm>}} \
              {{<./cloudhsm-client-jce-latest.el8.x86_64.rpm>}}
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ sudo apt install ./cloudhsm-client_latest_amd64.deb \
              {{<cloudhsm-client-pkcs11_latest_amd64.deb>}} \
              {{<cloudhsm-client-dyn_latest_amd64.deb>}} \
              {{<cloudhsm-client-jce_latest_amd64.deb>}}
```

------
#### [ Ubuntu 18.04 LTS ]

```
$ sudo apt install ./cloudhsm-client_latest_u18.04_amd64.deb \
              {{<cloudhsm-client-pkcs11_latest_amd64.deb>}} \
              {{<cloudhsm-client-jce_latest_amd64.deb>}}
```

------

## 步骤 3：启动客户端进程守护程序
<a name="client-start"></a>

使用以下命令启动客户端进程守护程序。

------
#### [ Amazon Linux ]

```
$ sudo start cloudhsm-client
```

------
#### [ Amazon Linux 2 ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ CentOS 7 ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ CentOS 8 ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ RHEL 7 ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ RHEL 8 ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ Ubuntu 16.04 LTS ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ Ubuntu 18.04 LTS ]

```
$ sudo systemctl start cloudhsm-client
```

------
#### [ Ubuntu 20.04 LTS ]

```
$ sudo systemctl start cloudhsm-client
```

------