Integrate the Entrust Cryptographic Security Platform PKI Hub and the Entrust nShield HSM

Make the Entrust Cryptographic Security Platform PKI Hub server a client of the HSM

  1. Using the HSM front panel, add the IP address of the Entrust Cryptographic Security Platform PKI Hub server as a client of the HSM.

  2. Present the OCS card from "Install and configure the Entrust nShield HSM" to the HSM through the front panel card reader.

Configure the Entrust Cryptographic Security Platform PKI Hub

  1. Log in to the Entrust Cryptographic Security Platform PKI Hub Management Console web GUI as explained in "Starting up the Management Console" in the Cryptographic Security Platform PKI Hub documentation.

  2. In the content pane, under Certificate Authorities, select Manage Solution.

  3. Leave Import configuration set to its default off position.

  4. Set Enable Advanced Configuration to Yes.

  5. Select Next.

  6. In the Database tab, enter the database information described in "Deploy Entrust Cryptographic Security Platform PKI Hub", then select Next.

    You must create a separate database for the solution. Do not use the same database used for deployment of the PKI Hub cluster.

  7. In the HSM tab, enter the HSM information.

    1. For Vendor: Select nShield.

    2. For OCS (Operator Card Set) passphrase: Enter the passphrase for the OCS card being used.

    3. For The nShield kmdata tar file:

      Create a tar file containing the Key Management data directory (kmdata) of the HSM and supply that file here. The file should contain the OCS card files created for the integration. Run this shell command on the server where the HSM was configured, which holds the kmdata directory.

      % sudo tar -cf kmdata.tar -C /opt/nfast kmdata

      Then copy kmdata.tar to your host so you can upload it here.

    4. Select Next.

  8. In the General tab, enter the Entrust Cryptographic Security Platform PKI Hub hostname or IP.

  9. Select Submit. If everything is accepted, the console should take you to the Deployment page.

  10. Select Deploy. In the Confirmation pop-up window, select Yes. After a few minutes, the configuration with the Entrust nShield HSM completes.

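
A pre-upload check for the kmdata tar file from step 7, as an added example that is not part of the Entrust documentation: it builds the archive readable only by its owner and confirms that every member sits under kmdata/ and that the Security World and OCS card files are present. The file names world, cards_* and card_* under kmdata/local are assumed from the usual nShield Security World layout, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not Entrust code. Assumes the usual Security World layout:
#   kmdata/local/world, kmdata/local/cards_<hash>, kmdata/local/card_<hash>_<n>

# make_kmdata_tar NFAST_ROOT OUT_TAR
# Archives NFAST_ROOT/kmdata so member paths start with "kmdata/".
# umask 077 keeps the tar (world file, card and key blobs) owner-only.
make_kmdata_tar() {
    ( umask 077 && tar -cf "$2" -C "$1" kmdata )
}

# check_kmdata_tar TAR
# Returns 0 when the archive looks complete; otherwise prints each problem
# found and returns 1.
check_kmdata_tar() {
    listing=$(tar -tf "$1" 2>/dev/null) || { echo "unreadable tar: $1"; return 1; }
    rc=0
    # Every member must live under kmdata/ (what "-C <root> kmdata" produces).
    if printf '%s\n' "$listing" | grep -Eqv '^kmdata(/|$)'; then
        echo "members found outside kmdata/"; rc=1
    fi
    # Security World file.
    printf '%s\n' "$listing" | grep -qx 'kmdata/local/world' \
        || { echo "missing kmdata/local/world"; rc=1; }
    # OCS definition file (cards_<hash>).
    printf '%s\n' "$listing" | grep -q '^kmdata/local/cards_' \
        || { echo "no OCS file (cards_*)"; rc=1; }
    # Per-card files (card_<hash>_<n>).
    printf '%s\n' "$listing" | grep -q '^kmdata/local/card_' \
        || { echo "no OCS card file (card_*)"; rc=1; }
    return "$rc"
}
```

Run both functions as a user that can read /opt/nfast/kmdata, for example `make_kmdata_tar /opt/nfast kmdata.tar && check_kmdata_tar kmdata.tar`. Remove the tar from any intermediate host once it has been uploaded.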