Introduction
Microsoft Internet Information Services (IIS) for Windows Server is a Web server application. nShield Hardware Security Modules (HSMs) integrate with IIS 10.0 to provide key protection with FIPS-certified hardware. Integration of the nShield HSM with IIS 10.0 provides the following benefits:
- Uses hardware validated to the FIPS 140 standards.
- Enables secure storage of the IIS keys.
Product configuration
Entrust has successfully tested the nShield HSM integration with IIS in the following configuration:
Product | Version |
---|---|
Operating System | Windows 2019 Server |
IIS version | 10.0 |
Supported nShield hardware and software versions
Requirements
Before installing the software, Entrust recommends that you familiarize yourself with the IIS documentation and set-up process, and that you have the nShield documentation available. Entrust also recommends that there is an agreed organizational Certificate Practices Statement and a Security Policy/Procedure in place covering administration of the HSM. In particular, these documents should specify the following aspects of HSM administration:
- The number and quorum of Administrator Cards in the Administrator Card Set (ACS) and the policy for managing these cards.
- Whether the application keys are protected by the HSM module key or by an Operator Card Set (OCS).
- Whether the Security World should be compliant with FIPS 140 Level 3.
- Key attributes such as the key algorithm, key length and key usage.
Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.
For more information, see the User Guide for the HSM.