
YubiHSM 2

The HSM type described on this page is not officially supported by EJBCA even though it may be successfully integrated with EJBCA. For a list of HSMs supported by the different EJBCA deployment types, see Supported Hardware Security Modules (HSMs).

The YubiHSM, an HSM version of the YubiKey from Yubico, integrates with EJBCA for a range of public key infrastructure (PKI) use cases. For more information, refer to the Yubico guide YubiHSM 2 for EJBCA Deployment Guide.

You can use multiple YubiHSMs with a single library, accessing them by different Slot IDs.

  • Create one yubihsm-connector config file per HSM, each config listening on a different TCP port.

  • Start the yubihsm-connector service once for each config file, so that multiple services are running.

  • Create a yubihsm_pkcs11.conf with two connector statements, e.g.
    connector=http://127.0.0.1:12345 # this will become slot 0
    connector=http://127.0.0.1:12346 # this will become slot 1

  • Set YUBIHSM_PKCS11_CONF=/etc/yubihsm_pkcs11.conf so it is available to WildFly.

  • Restart WildFly and configure Crypto Tokens in EJBCA using yubihsm_pkcs11.so and Slot ID 0 and 1.
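
To confirm the slot numbering before pointing Crypto Tokens at Slot ID 0 and 1, the following added example (not part of the EJBCA or Yubico documentation) prints the slot each connector line maps to and fails when one connector URL is listed twice. It assumes the line-order-to-slot mapping shown above and tolerant handling of comments and whitespace; the fallback config is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the EJBCA or Yubico docs): list which slot ID each
# connector line in a yubihsm_pkcs11.conf maps to, and catch duplicates.
# Assumption taken from the page: the Nth connector line becomes slot N-1.
# Assumption of this sketch: "#" starts a comment, spaces around "=" are allowed.

# slot_map FILE: print "<slot>\t<connector URL>" for every connector line, in order.
slot_map() {
    awk '
        { sub(/#.*/, "") }                      # strip full-line and trailing comments
        /^[ \t]*connector[ \t]*=/ {
            sub(/^[ \t]*connector[ \t]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            if ($0 != "") printf "%d\t%s\n", n++, $0
        }
    ' "$1"
}

# check_slots FILE: fail if one connector URL backs two slots, which would make
# two Crypto Tokens use the same HSM.
check_slots() {
    slot_map "$1" | awk -F'\t' '
        seen[$2]++ { printf "slot %s repeats connector %s\n", $1, $2; bad = 1 }
        END { exit bad + 0 }
    '
}

# Use the real file when YUBIHSM_PKCS11_CONF points at one; otherwise fall back
# to a constructed sample that mirrors the two-connector layout on this page.
conf="${YUBIHSM_PKCS11_CONF:-}"
if [ -z "$conf" ] || [ ! -r "$conf" ]; then
    conf="$(mktemp)"
    cat > "$conf" <<'EOF'
# constructed sample
connector=http://127.0.0.1:12345 # this will become slot 0
connector=http://127.0.0.1:12346 # this will become slot 1
EOF
fi

slot_map "$conf"
check_slots "$conf" || echo "fix the connector list before creating Crypto Tokens" >&2
```
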
