Integrate the Entrust Cryptographic Security Platform PKI Hub and the Entrust nShield HSM
Make the Entrust Cryptographic Security Platform PKI Hub server a client of the HSM
- Using the HSM front panel, add the IP of the Entrust Cryptographic Security Platform PKI Hub server as a client of the HSM.
- Present the OCS card from Install and configure the Entrust nShield HSM to the HSM through the front panel card reader.
Configure the Entrust Cryptographic Security Platform PKI Hub
- Log in to the Entrust Cryptographic Security Platform PKI Hub Management Console web GUI as explained in Starting up the Management Console in the Cryptographic Security Platform PKI Hub documentation.
- In the content pane, under Certificate Authorities, select Manage Solution.
- Leave the Import configuration and Enable Advanced Configuration toggle switches in the default off position. Then select Next.
- In the Database tab, enter the database information from Deploy Entrust Cryptographic Security Platform PKI Hub. Then select Next.
- In the HSM tab, enter the HSM information.
  - For Vendor: Select nShield.
  - For OCS (Operator Card Set) passphrase: Enter the passphrase for the OCS card being used.
  - For The nShield kmdata tar file: You need to create a tar file containing the Key Management data directory (kmdata) of the HSM and supply that file here. Run this shell command on the server with the kmdata directory where the HSM was configured.

        % sudo tar -cf kmdata.tar -C /opt/nfast kmdata

    Then copy the kmdata.tar to your host so you can upload it here.

  Then select Next.
- In the General tab, enter the Entrust Cryptographic Security Platform PKI Hub hostname or IP.
- Select Submit. If everything is accepted, it should take you to the Deployment page.
- Select Deploy. In the Confirmation pop-up window select Yes. After a few minutes, the configuration with the Entrust nShield HSM completes.
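The kmdata archive step from the HSM tab instructions above, as an added example that is not part of the Entrust documentation: it builds the tar file with owner-only permissions, checks that the archive holds only kmdata/ including the Security World file, and prints a SHA-256 digest to compare after copying the file to your host. The function names and the script name are hypothetical; /opt/nfast comes from the page, and kmdata/local/world is assumed to be the Security World file location on the server.

```shell
#!/usr/bin/env bash
# Added example: package and sanity-check the nShield kmdata directory before upload.
# Function names and script name are hypothetical; /opt/nfast is the path used on the page.

# build_kmdata_tar NFAST_ROOT OUT_TAR
# Creates OUT_TAR containing NFAST_ROOT/kmdata, readable by its owner only.
build_kmdata_tar() {
    local root="$1" out="$2"
    # Assumption: the Security World file lives at kmdata/local/world.
    # If it is missing, this is not the server where the HSM was configured.
    if [ ! -f "$root/kmdata/local/world" ]; then
        echo "no Security World file under $root/kmdata/local" >&2
        return 1
    fi
    # kmdata holds encrypted key blobs and card data: keep the archive private.
    ( umask 077 && tar -cf "$out" -C "$root" kmdata ) || return 1
}

# check_kmdata_tar TAR
# Succeeds only if every member sits under kmdata/ and the world file is included.
check_kmdata_tar() {
    local tarfile="$1" listing
    listing=$(tar -tf "$tarfile") || return 1
    # Reject absolute paths or stray top-level entries.
    if printf '%s\n' "$listing" | grep -Eqv '^kmdata(/|$)'; then
        echo "unexpected entries outside kmdata/ in $tarfile" >&2
        return 1
    fi
    printf '%s\n' "$listing" | grep -qxF 'kmdata/local/world'
}

# kmdata_digest TAR
# Prints the SHA-256 hex digest so the copy on your host can be compared before upload.
kmdata_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Usage on the server where the HSM was configured:
#   sudo bash kmdata_pack.sh /opt/nfast kmdata.tar
if [ "$#" -eq 2 ]; then
    build_kmdata_tar "$1" "$2" && check_kmdata_tar "$2" && kmdata_digest "$2"
fi
```

Run `sha256sum kmdata.tar` on your host after the copy and compare it with the printed digest before uploading the file in the HSM tab.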