To use a Thales Luna HSM, select this option and configure the following settings.
See HSM requirements for the supported Thales Luna HSM versions.
Supported Signing Algorithms
The list of signing algorithms that the application can use when interacting with the HSM. This parameter is a comma-separated list of algorithm identifiers. For example:
RSAPKCS15,RSAPSS,ECDSA,MLDSA,MLDSA_DATA
The algorithms listed must be supported by both the HSM firmware and the application.
Token Label
The label of the HSM token that contains the private key for certificate signing.
HSM PIN
The PIN (Personal Identification Number) of the HSM.
Files
Copy the following files to the Cryptographic Security Platform host and click Choose File to import them.
Do not change the file names, as they are referenced by the Chrystoki.conf configuration file.
| Field | Default file path | Description |
|---|---|---|
| Server CA File | <client>/cert/server/server.pem | The CA certificate of the Thales Luna HSM server |
| Client Private Key File | <client>/cert/client/clientKey.pem | The private key of the Thales Luna HSM client |
| Client Certificate File | <client>/cert/client/clientCert.pem | The certificate of the Thales Luna HSM client |
| Chrystoki Configuration File | <client>/config/Chrystoki.conf | The configuration file of the Thales Luna HSM client |
Where <client> is the path of the Thales Luna installation folder.
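Before importing, the copied files can be checked against the table above. The following script is an added example, not vendor or product code. It assumes the four files were copied into a single staging directory (a hypothetical path passed as the argument) and that Chrystoki.conf uses forward-slash paths as shown in the table.

```shell
#!/bin/sh
# Added example (not vendor code): pre-import check for the four Luna client files.
# Assumption: the files were copied into one staging directory with their
# original names; the directory path is a hypothetical argument.
# Usage: check_luna_files /path/to/staging   (returns the number of problems)

check_luna_files() {
    dir=$1
    problems=0
    bad() { echo "$1"; problems=$((problems + 1)); }

    # 1. Every file must be present, non-empty, and keep its original name.
    for f in server.pem clientKey.pem clientCert.pem Chrystoki.conf; do
        [ -s "$dir/$f" ] || bad "MISSING: $f"
    done

    # 2. Chrystoki.conf must still reference each PEM file by name
    #    (forward-slash paths assumed, as in the table above).
    if [ -s "$dir/Chrystoki.conf" ]; then
        for f in server.pem clientKey.pem clientCert.pem; do
            grep -qF "/$f" "$dir/Chrystoki.conf" || bad "UNREFERENCED: $f"
        done
    fi

    # 3. Certificate fields must hold certificates, never key material.
    for f in server.pem clientCert.pem; do
        [ -s "$dir/$f" ] || continue
        grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/$f" || bad "NOT A CERTIFICATE: $f"
        if grep -q -e 'PRIVATE KEY-----' "$dir/$f"; then
            bad "PRIVATE KEY IN CERTIFICATE FILE: $f"
        fi
    done

    # 4. The client key must be a PEM private key readable by its owner only.
    key="$dir/clientKey.pem"
    if [ -s "$key" ]; then
        grep -q -e 'PRIVATE KEY-----' "$key" || bad "NOT A PRIVATE KEY: clientKey.pem"
        mode=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] || bad "KEY TOO PERMISSIVE ($mode): clientKey.pem"
    fi

    return "$problems"
}
```

The function prints one line per problem and returns the problem count, so a zero exit status means the staged files match the names and roles in the table.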