Prerequisites

Make sure to adhere to the below listed prerequisites as they are paramount to continuing with the guide.

PKCS#11 API

• OpenJDK 8
• EJBCA Enterprise 7.x, 8.x, 9.x or EJBCA Community 6.x, 7.x, 8.x or 9.x
• JbossEAP 7.2 or newer
• Securosys PKCS#11 Provider v1.8.x or newer, when using the PKCS#11 API for integration
• CloudHSM Service (HSM as a Service) or Primus HSM, firmware v2.8.21 or newer
• PKCS#11 API licensed

REST API

• EJBCA Enterprise 9.1 or later
• Either:
  • CloudHSM Service (HSM as a Service) or
  • Primus HSM, firmware v2.8.21 or newer, and REST API (Transaction Security Broker)
• REST API licensed

HSM Setup and Configuration

Securosys CloudHSM

Securosys CloudHSM enables near-instant HSM operation by allowing you to quickly select and activate the services and options that best suit your EJBCA deployment.

For an overview of available service packages and configuration options, please visit the Securosys CloudHSM Service page or contact our sales team for personalized assistance.

warning

Ensure the relevant PCKS#11 API or REST API is included and activated in your subscription.

Securosys Primus HSM (on-premises)

When using the PKCS#11 API, configure the Primus HSM for PKCS#11 usage by following the steps in the User Guide.
Alternatively, if you're using the REST API, install the Securosys REST API — a standalone service that enables language-independent integration with Securosys Primus HSMs — as described in the Installation Guide.

warning

Ensure the relevant PCKS#11 API or REST API is licensed and activated on your device.

For general or on-premises Primus HSM hardware, HA Cluster setup and operation in FIPS or Common Criteria certified modes, refer to the corresponding User Guide (account required).