Introduction
Microsoft Internet Information Services (IIS) for Windows Server is a Web server application. Entrust nShield Hardware Security Modules (HSMs) integrate with IIS to provide key protection with FIPS-certified hardware. Integration of the nShield HSM with IIS provides the following benefits:
- Uses hardware validated to the FIPS 140-2 and FIPS 140-3 standards.
- Enables secure storage of the IIS keys.
Product configuration
Entrust has successfully tested the nShield HSM integration with IIS in the following configuration:
Product | Version |
---|---|
Operating System | Windows 2025 Server |
IIS version | 10.0 |
Supported nShield hardware and software versions
Entrust successfully tested with the following nShield hardware and software versions:
Product | Security World Software | Firmware | Netimage |
---|---|---|---|
nShield 5c | 13.6.11 | 13.6.11 | |
Connect XC | 13.6.11 | 13.6.7 | |
Supported nShield features
Entrust has successfully tested nShield HSM integration with the following features:
Feature | Support |
---|---|
Module-Only key | Yes |
OCS cards | Yes [1] |
Softcards | No |
nSaaS | Yes |
[1] OCS without a passphrase and 1/N quorum must be used.
Requirements
- Knowledge of your organization's Certificate Practices Statement, and a Security Policy / Procedure in place covering administration of the HSM.
- Access to the Entrust TrustedCare Portal.
- An Entrust nShield HSM.
- A dedicated Windows server.
- Network environment with usable ports 9004 and 9005 for the HSM.
Familiarize yourself with the nShield Documentation.
- The importance of a correct quorum for the Administrator Card Set (ACS).
- Whether Operator Card Set (OCS) protection or Softcard protection is required.
- If OCS protection is to be used, a 1-of-N quorum must be used.
- Whether your Security World must comply with FIPS 140 Level 3 or Common Criteria standards. If using FIPS 140 Level 3, it is advisable to create an OCS for FIPS authorization. For more information see FIPS 140 Level 3 compliance.
- Whether to instantiate the Security World as recoverable or not.