SignServer Cloud CloudHSM Integration Guide

Introduction

This guide is intended to show how to get the SignServer Enterprise Cloud integrated with AWS CloudHSM. The AWS CloudHSM is the newer offering from AWS based on Cavium, not to be confused with the SafeNet-based AWS CloudHSM Classic. For more information, refer to the AWS CloudHSM User Guide.

The SignServer Cloud and AWS CloudHSM integration includes the following and more steps:

• Create a CloudHSM Cluster
• Validate the HSM
• Initialize the CloudHSM
• Assign Security Group
• Configure the CloudHSM Client
• Activate Cluster
• Create CloudHSM Crypto User
• Create Keystore
• Create CryptoToken in EJBCA

If you already have a CloudHSM cluster configured, proceed to the step Assigning the Security Group to the SignServer Instance and then Configure the cloudhsm-client. This will get the SignServer instance configured to talk to the CloudHSM cluster so that key creation can begin.

Documentation

This SignServer Cloud Documentation applies for the latest SignServer Cloud version.

For the latest SignServer Enterprise documentation, see SignServer Documentation.

AWS Documentation

• AWS CloudHSM Documentation

• AWS CloudHSM User Guide