HSM Configuration

AWS KMS & Securosys HSM - Integration Guide

Before installing and configuring the Securosys XKS Proxy, you need to configure your Hardware Security Module (HSM):

Cloud

The following CloudHSM services are already configured:

• CloudHSM Economy (ECO)
• CloudHSM Sandbox (SBX)

No additional action is required. Continue with the Installation Guide

On-premises

If you operate your own Primus HSM and have not yet configured it, please follow the instructions of the initial wizard ensure that the Primus HSM is updated to the following firmware:

• Primus HSM Firmware v2.8.21, v2.11 or higher.

You can download the Securosys Primus HSM firmware from the Securosys Support Portal (login required).

CAUTION

The guide does not cover the initial setup of the Primus HSM. Follow the procedures outlined in Primus HSM device setup with wizard 2.11+. Ensure that the settings align with the TSB requirements as specified in Primus HSM device configuration for TSB.

After completing the initial setup (running the initial wizard), ensure that your HSM has the correct network configuration and can be accessed from the host device where the XKS Proxy will be installed.

Your HSM can be reached through the default JCE port (port: 2300) unless it has been configured differently. Keep in mind that the service may be assigned to one of the four available network interfaces .

Use one of the following commands to ensure a valid network configuration:

:~# telnet 10.10.10.10 2300
:~# ping 10.10.10.10

Continue with the Installation Guide

More content

• Download the Securosys XKS Proxy for AWS (login required)
• Example - Creation of an XKS in AWS KMS
• Example - Generating a .jks domain file