
Quickstart

This quickstart outlines the steps required to integrate Microsoft AD CS with an on-premises Primus HSM or Securosys CloudHSM. For more detailed instructions, consult the Installation and Tutorial sections.

Prerequisites

Make sure the prerequisites are met. For more details, visit Prerequisites.

note

The Primus HSM must be configured and licensed to work with the CNG API. With the CloudHSM ECO and SBX services, this requirement is already met, so no additional action is required.

Installing and configuring Primus CNG Provider

Download, install, and configure the Primus CNG/KSP HSM Provider.

For the download and more details, visit Primus CNG/KSP HSM Provider.

Select Microsoft AD CS Cryptographic Provider

To integrate the Securosys HSM with Microsoft Active Directory Certificate Services, the Primus KSP/CNG Provider must be specified. This is usually done during installation of the Certificate Authority, either via the graphical user interface (GUI) or the command-line interface (CLI). For more information, visit Installation.

An example selection is shown within the Standalone Root CA setup:

  • Select the RSA#Securosys Primus HSM Key Storage Provider along with the key type, key length, and a suitable hash algorithm. Note that some older devices and applications only support key lengths up to 2048 bits.
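The CLI route for the same Standalone Root CA selection, as an added example that is not part of the Securosys or Microsoft documentation: it checks that the KSP is registered, configures the CA against it, and then confirms the CA is bound to the HSM provider. The KSP name is assumed to be the selection string above without its `RSA#` prefix; key length, hash algorithm, CA name, and validity are assumed or placeholder values.

```powershell
# Added example; values marked "assumed" or "placeholder" are not from the page.
# Run in an elevated session on the future CA host.
$Apply        = $false   # set to $true to actually configure the CA
$ProviderName = 'Securosys Primus HSM Key Storage Provider'  # assumed: page's string minus "RSA#"

# 1. Fail early if the KSP is not registered with CNG on this host.
$registered = certutil.exe -csplist | Select-String -SimpleMatch $ProviderName
if (-not $registered) {
    throw "KSP '$ProviderName' is not registered; install and configure the Primus CNG/KSP provider first."
}

# 2. Add the AD CS role (needed for the deployment cmdlet), then configure a
#    Standalone Root CA whose private key is generated in the HSM.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

$caParams = @{
    CAType              = 'StandaloneRootCA'
    CryptoProviderName  = "RSA#$ProviderName"   # selection string as shown on this page
    KeyLength           = 4096                  # assumed; use 2048 if older relying parties require it
    HashAlgorithmName   = 'SHA256'              # assumed
    CACommonName        = 'Example Root CA'     # placeholder
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 10                    # placeholder
}

if (-not $Apply) {
    # Dry run: shows what would be configured without creating the CA or its key.
    Install-AdcsCertificationAuthority @caParams -WhatIf
    return
}
Install-AdcsCertificationAuthority @caParams -Force

# 3. Confirm the CA is bound to the HSM provider rather than a software KSP.
$bound = certutil.exe -getreg CA\CSP\Provider
if (-not ($bound | Select-String -SimpleMatch $ProviderName)) {
    throw "CA is not using '$ProviderName'; check the provider before issuing any certificates."
}
Write-Output "CA key provider verified: $ProviderName"
```

A mistyped provider name fails at the first check or at installation; the final check catches a CA that was configured against a different provider, whose key would then sit outside the HSM.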

Example AD CS Setup

This guide provides an example setup showing how to install and configure a Standalone Root CA as well as an Enterprise Subordinate CA. See their respective sections for a step-by-step guide.

caution

These procedures are an example to showcase the integration of Securosys CloudHSM or on-premises Primus HSM with Microsoft AD CS. The steps shown are not the only way to install and configure your Microsoft AD CS. Please consult with Microsoft for more information and other possible procedures.