
Thales TCT Luna SA

EJBCA and Luna SA HSM Integration

EJBCA supports using the Thales Trusted Cyber Technologies (Thales TCT) Luna SA for Government HSM to secure the private keys for Certification Authorities (CAs).

EJBCA uses Crypto Tokens to manage the keys for signing, decrypting and test functions. With the Thales TCT Luna Client installed and configured, the keys in the Crypto Token can be created and stored in the HSM for higher security.


To configure EJBCA to use the Thales TCT Luna SA HSM, the following prerequisites must be met:

  • EJBCA Enterprise installed on a server.
  • Thales TCT Luna Client installed on the server running EJBCA and configured according to the Thales TCT Luna Client installation guide.
  • Thales TCT Luna HSM installed and operational with two partitions created for EJBCA, one each for the Root and Subordinate CAs.
  • Network Trust Link (NTL) established between the Luna Client and the Luna HSM.

For integration instructions, refer to Thales TCT's Integration Guide: PrimeKey EJBCA Enterprise and Luna SA HSM for Government.

Note that the attached integration guide is revision B of the document, tested on EJBCA and Luna SA Appliance 5.4.7-3, Firmware 6.10.7, Client 5.4.9. For later revisions of the integration guide, refer to Thales Trusted Cyber Technologies Customer Support.
