Configure the HSM
This step is only needed for on-premise Primus HSM setups. Skip this step if you are using CloudHSM.
This page gives an overview of how to prepare a Primus HSM for use with the KMIP Server. For full details and exact steps, see the Primus HSM User Guide.
This guide assumes that you have done the basic setup of the HSM, have completed the Initial Wizard, defined your networking settings, and have Security Officer (SO) roles configured.
Step 1: Create a Partition
Create a Partition that the KMIP Server can use. Note down the Setup Password.
For detailed instructions, see Section 5.5 "User (Partition)" of the Primus HSM User Guide.
Step 2: Configure the Device
In the Device Security Config, enable the JCE API.
Additionally, make sure that the Root Key Store is set up. For detailed instructions, see Section 6 "Attestation and Audit (Device, User, Key)" of the Primus HSM User Guide.
Step 3: Configure the Partition
In the User Security Configuration of your Partition, enable User Configuration, JCE, and KMIP.
For details, see Section 3.9 "Individual User Configuration" and Section 4 "Menu Structure" of the Primus HSM User Guide.
PSO:
User Config ➜ Edit ➜ (setting)
For the following settings:
- User Configuration
- JCE
- KMI Protocol
UI:
Setup ➜ Configuration ➜ Security ➜ User Security ➜ (User) ➜ (setting)
For the following settings:
- User Configuration
- JCE
- KMI Protocol
Console:
hsm_user_enter_config
hsm_user_set_config use_usr_cnf=true
hsm_user_set_config jce=true
hsm_user_set_config kmi_protocol=true
hsm_user_list_config jce
hsm_user_exit_config