Select the HSM tab of the Configuration page to configure the Hardware Security Module (HSM).

After deploying Certificate Authority, you cannot switch between HSM and no-HSM, nor can you alter any HSM configuration set on this page. However, you can still make the changes described in Administrating nShield HSM integration.

Vendor

The identifier of the HSM manufacturer.

| Vendor | Description |
| --- | --- |
| none | A built-in software PKCS #11 module (not recommended). |
| nshield | An Entrust nShield HSM. See HSM requirements for the supported versions. |

Mandatory: Yes.

OCS (Operator Card Set) passphrase

The passphrase of the operator card set.

The OCS must be inserted during the first deployment to create the signing key. A quorum of 1 is required.

Mandatory: When selecting nShield in Vendor.

The nShield kmdata tar file

Click Choose File to import the nShield kmdata configuration file, which must have the .tar extension. For example:

nshield_kmdata.tar

Mandatory: When selecting nShield in Vendor.