Skip to main content

Primus HSM configuration for XKS

HSM - Device setup and configuration

Before we can install and configure the Securosys XKS Proxy we need to configure the Securosys on-premises Primus HSM.

If you operate your own Primus HSM and have not yet configured it, please follow the instructions of the initial wizard ensure that the Primus HSM is updated to the following firmware:

  • Primus HSM Firmware v2.8.21, v2.11 or higher.

You can download the Securosys Primus HSM firmware from the Securosys Support Portal.

In the CloudsHSM ECO and SBX service this requirement is met and therefore no additional action is required.

CAUTION

The guide does not cover the initial setup of the Primus HSM. Follow the procedures outlined in Primus HSM device setup with wizard 2.11+. Ensure that the settings align with the TSB requirements as specified in Primus HSM device configuration for TSB.

After completing the initial setup (running the initial wizard), ensure that the HSM has the correct network configuration and can be accessed from the host device where the XKS Proxy will be installed. The HSM can be reached through the default JCE port (port: 2300) unless it has been configured differently. Keep in mind that the service may be assigned to one of the four available network interfaces .

Use one of the following commands to ensure a valid network configuration:

:~# telnet 10.10.10.10 2300
:~# ping 10.10.10.10