Follow the steps below to use your signed HSM certificate and your CA's issuing certificate to initialize your AWS CloudHSM cluster.
- On the AWS CloudHSM console Upload the certificates page, do the following:
  - Next to Cluster certificate, click Upload file and select the HSM certificate that you signed previously. If you completed the steps in the previous 2b - Use OpenSSL to Validate the HSM section, select the file named `CustomerSignedHsmCertificate.crt`. If you performed these steps on the cloud instance, you will need to download the files back to a client that has access to the HSM cluster creation wizard.
  - Next to Issuing certificate, click Upload file and select your CA's issuing certificate. If you completed the steps in the previous section, select the file named `customerCA.crt`.

    If you used a CA to issue the cluster certificate, provide a certificate chain that begins with the certificate that issued the cluster certificate and ends with the CA's root certificate. The certificate chain must be in PEM format and can contain a maximum of 5000 characters.
  - Click Upload and initialize.
- The wizard initializes the HSM and informs you that the initialization is now in progress. Click refresh to refresh the status.
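
A pre-upload check for the two files named above, as an added example that is not part of the original workshop: it confirms the issuing certificate chain is PEM-framed and within the 5000-character limit, then uses `openssl verify` to confirm the signed HSM certificate chains to it. The function names are illustrative assumptions; the file names are the ones used on this page.

```bash
#!/bin/sh
# Added example (not workshop code): sanity-check the files before
# uploading them in the CloudHSM initialization wizard.

MAX_CHARS=5000   # limit the page states for the issuing certificate chain

# Return 0 if the file is PEM-framed and within the character limit.
check_pem_limits() {
    pem_file=$1
    [ -r "$pem_file" ] || { echo "cannot read $pem_file" >&2; return 1; }
    # grep -c prints 0 and exits non-zero when nothing matches, hence || true.
    pem_begin=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$pem_file" || true)
    pem_end=$(grep -c -e '^-----END CERTIFICATE-----' "$pem_file" || true)
    # PEM is ASCII, so the byte count equals the character count.
    pem_chars=$(( $(wc -c < "$pem_file") ))
    if [ "$pem_begin" -lt 1 ] || [ "$pem_begin" -ne "$pem_end" ]; then
        echo "$pem_file: not PEM (BEGIN=$pem_begin, END=$pem_end)" >&2
        return 1
    fi
    if [ "$pem_chars" -gt "$MAX_CHARS" ]; then
        echo "$pem_file: $pem_chars characters exceeds $MAX_CHARS" >&2
        return 1
    fi
    echo "$pem_file: $pem_begin certificate(s), $pem_chars characters"
}

# Return 0 if the signed HSM certificate ($1) chains to the issuing
# certificate or chain ($2). Every certificate in $2 is treated as trusted.
verify_cluster_cert() {
    check_pem_limits "$2" || return 1
    # Show what is about to be uploaded so a wrong file is obvious.
    openssl x509 -in "$1" -noout -subject -issuer -enddate || return 1
    openssl verify -CAfile "$2" "$1"
}

# Usage: sh preflight.sh CustomerSignedHsmCertificate.crt customerCA.crt
if [ "$#" -eq 2 ]; then
    verify_cluster_cert "$1" "$2"
fi
```

A non-zero exit status means the wizard upload is likely to be rejected or the cluster certificate was not signed by the CA file you selected.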