Configuring the Entrust nShield HSM
  • 13 Jan 2025


The Entrust nShield HSM needs to be configured for the following:

  1. To use the correct networking settings (netHSM IP, subnet mask, default gateway).
  2. To connect to the OneSpan Authentication Server instance and use it as a client. To create the keys and upload the SEE module, set the client's permissions to Privileged and nToken to NO. After the configuration, you can set the connection type to unprivileged.

For instructions on how to set these configurations, refer to the nShield Connect Quick Start Guide packaged with your HSM.

In addition to configuring the HSM, you also need to create an Operator Card Set (OCS). The OCS helps protect the SEE code signing key. This signing key allows the OneSpan Authentication Server instance (i.e. the SEE machine) to sign in as a Security World client.

On a Security World compliant with FIPS 140-2 Level 3 (or FIPS 3), an Administrator Card Set (ACS) is required to authorize the creation of an OCS. The ACS is also provided with your Entrust nShield HSM.

The easiest way to create an OCS is with the Cards wizard of the KeySafe utility. This utility is located at /opt/nfast/bin/ksafe.

For detailed instructions on creating an OCS, refer to the nShield Connect and netHSM User Guide, Section "Managing card sets and softcards".
