Prerequisites for Microsoft AD CS
- Windows Server 2016 or higher,
- Securosys Primus HSM or CloudHSM firmware v2.8.21 or higher,
- Securosys CNG/KSP Provider v1.45.2 or higher installed and configured
HSM setup and configuration
- Cloud
- On-premises
With Securosys CloudHSM, the HSM are already configured, no further action needed.
Before we proceed with the installation and configuration of the Microsoft AD CS, it is required to configure the Securosys on-premises Primus HSM.
This guide does not cover the initial setup of the Primus HSM. Follow the procedures outlined in Primus HSM device setup with wizard. Ensure that the Primus HSM is updated to the following firmware:
- Primus HSM Firmware v2.8.43 or higher.
You can download the Securosys Primus HSM firmware from the Securosys Support Portal.
After completing the initial setup (running the initial wizard), ensure that the HSM has the correct network configuration and can be accessed from the host device.
Continue to install the CNG provider.