Getting started with Keyfactor EJBCA

The quickstart section provides a comprehensive guide outlining the steps necessary to integrate Keyfactor/PrimeKey EJBCA with Securosys CloudHSM or on-premises Primus HSM.

Installing & Configuring Primus PKCS#11 Provider

Install the latest version of Primus PKCS#11 Provider on the device with the Keyfactor/PrimeKey EJBCA already installed.

Follow the instructions in PKCS#11 Provider Installation.

Configure the Primus PKCS#11 provider by adapting the configuration file primus.cfg according to your set-up.

info

Consult Primus PKCS#11 User Guide - Configuration for configuration file locations.

HSM Setup and Configuration

Follow the instructions provided in HSM Setup and Configuration.

Configure EJBCA Settings

Configure the EJBCA settings to integrate with the Primus PKCS#11 provider. For more information visit Installation - EJBCA Settings

Configure New Crypto Token

Deploy the EJBCA with the newly configured settings and Integrate the HSM by Configuring a New Crypto Token.

Generate RSA Keys

Generate cryptographic objects which will be used by the new Certificate Authority (CA). For more information, see Keyfactor/PrimeKey EJBCA Documentation.

Create a New Certificate Authority (CA)

Create a new Certificate Authority and configure it with the previously created crypto token and keys. For more information on EJBCA Certificate Authority setup and best practices, follow Keyfactor/PrimeKey EJBCA Documentation.

Installing & Configuring Primus PKCS#11 Provider​

HSM Setup and Configuration​

Configure EJBCA Settings​

Configure New Crypto Token​

Generate RSA Keys​

Create a New Certificate Authority (CA)​