Skip to main content
Skip table of contents

EJBCA Cloud AWS CloudHSM Integration Guide


This guide shows how to get the EJBCA Cloud integrated with AWS CloudHSM.

The AWS CloudHSM is the newer offering from AWS based on Marvell, not to be confused with the SafeNet-based AWS CloudHSM Classic. For more information, refer to the AWS CloudHSM User Guide.

This EJBCA Cloud and AWS CloudHSM integration guide includes the topics listed below.

If you already have a CloudHSM cluster configured, proceed to step 4 - Assigning the Security Group to the EJBCA Instance and then 5 - Configure the cloudhsm-client. This will get the EJBCA Cloud instance configured to talk to the CloudHSM cluster so that key creation can begin.

It is necessary to configure the CloudHSM cluster creation and initialization on an EC2 instance that is not an EJBCA instance. The CloudHSM configuration needs sudo access to be completed. Sudo access is not granted to EJBCA instances until after the Wizard setup is complete. Once CloudHSM initialization is completed on another EC2 instance, bring the credentials to EJBCA Cloud configuration wizard and complete EJBCA setup and integration with CloudHSM. For more information, please see the EJBCA Cloud AWS Launch Guide.

Note that users of EJBCA Cloud before 2.6 and EJBCA 7.5.0 need to convert their public keys that were previously stored on the local disk of the EJBCA host and import them into CloudHSM, see CloudHSM Liquidsec Key Conversion.


This EJBCA Cloud Documentation applies for the latest EJBCA Cloud version. To access documentation for previous versions, click EJBCA Cloud Versions in the header.

For the latest EJBCA Enterprise documentation, see EJBCA Documentation.

AWS Documentation

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.