To use an Entrust nShield HSM, select this option and configure the following settings. 

See HSM requirements for the supported nShield HSM versions.

OCS (Operator Card Set) passphrase

The passphrase associated with the Operator Card Set (OCS) used during the initial deployment to create the signing key within the nShield HSM.

The minimum required quorum is 1.

The nShield kmdata tar file

The kmdata.tar configuration file of the nShield HSM. 

The kmdata.tar file contains the key management data and configuration required by the nShield HSM. This file is essential for restoring or deploying the HSM configuration on a new host or during system setup.

To generate and upload the kmdata.tar file

  1. Run this command in the kmdata directory of an nShield RFS (Remote File System) server.
    sudo tar -cf kmdata.tar -C /opt/nfast kmdata
  2. Copy the generated kmdata.tar file to the PKI Hub host. 
  3. Click Choose File under The nShield kmdata tar file and select the kmdata.tar file.
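
A pre-upload check for the archive produced in step 1, given here as an added example that is not part of the product documentation. It assumes the Security World data sits under kmdata/local and includes a file named world; the function name check_kmdata_tar is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a kmdata.tar before copying it to the PKI Hub host.
# Assumption: the archive was built with "tar -cf kmdata.tar -C /opt/nfast kmdata",
# so every member sits under kmdata/, and the Security World file is
# kmdata/local/world. Adjust the expected path if your layout differs.

check_kmdata_tar() {
    archive=$1
    [ -f "$archive" ] || { echo "not a file: $archive" >&2; return 2; }

    # List member names only; nothing is extracted.
    entries=$(tar -tf "$archive") || { echo "unreadable archive: $archive" >&2; return 2; }

    # Reject members outside the kmdata/ tree (stray files, absolute paths).
    stray=$(printf '%s\n' "$entries" | grep -Ev '^kmdata(/|$)' || true)
    if [ -n "$stray" ]; then
        echo "unexpected members outside kmdata/:" >&2
        printf '%s\n' "$stray" >&2
        return 1
    fi

    # Reject ".." path components, which would escape the target on extraction.
    if printf '%s\n' "$entries" | grep -Eq '(^|/)\.\.(/|$)'; then
        echo "archive contains '..' path components" >&2
        return 1
    fi

    # An archive without the world file cannot carry a usable configuration.
    if ! printf '%s\n' "$entries" | grep -qx 'kmdata/local/world'; then
        echo "kmdata/local/world is missing from the archive" >&2
        return 1
    fi

    # Print a digest to compare on the PKI Hub host after the copy in step 2.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$archive"
    else
        shasum -a 256 "$archive"
    fi
}

# Run as: sh check_kmdata.sh kmdata.tar
[ "$#" -eq 0 ] || check_kmdata_tar "$1"
```

Run the same digest command on the PKI Hub host after step 2 and compare the two values before selecting the file in step 3.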