Integrate the Entrust PKI Hub and the Entrust nShield HSM

Make the Entrust PKI Hub server a client of the HSM

  1. Using the HSM front panel, add the IP of the Entrust PKI Hub server as a client of the HSM.

  2. Present the OCS card from section install-entrust-hsm.adoc#create-the-ocs to the HSM through the front panel card reader.

Configure the Entrust PKI Hub

  1. Login into the Entrust PKI Hub Management Console web GUI as explained in Starting up the Management Console .

  2. In the content pane, under Certificate Authorities, select Manage Solution.

  3. Leave the Import configuration and Enable Advanced Configuration toggle switches in the default off position. Then select Next.

  4. In the Database tab, enter the database information create in section Deploy Entrust PKI Hub. Then select Next.

    For example:

    configure pkihub 1

  5. In the HSM tab, enter the HSM information. In the RFS text box, enter the IP of the RFS, or server (no pre-existing Entrust nShield HSM infrastructure). Then select Next.

    For the Key unique identifier, a name of your choice, only lowercase alphanumeric characters are allowed.

    For example:

    configure pkihub 2

  6. In the General tab, enter the PKI Hub hostname or IP. Then select Validate. Correct any detected configuration error until the Validate option displays no warnings.

    For example:

    configure pkihub 3

  7. Select Submit.

    configure pkihub 4

  8. Select Deploy. In the Confirmation pop-up window select Yes. After a few minutes, the configuration with the Entrust nShield HSM completes.

    For example:

    configure pkihub 5