AWS CloudHSM provides Hardware Security Modules (HSMs) in a cluster, a collection of individual HSMs that AWS CloudHSM keeps in sync.

When you create a cluster, you specify an Amazon Virtual Private Cloud (VPC) and a Subnet in the Availability Zone (AZ) of your instance. You then create an HSM in your cluster, selecting an Availability Zone (AZ) for the creation of the HSM.

Follow the steps below to create a cluster and an HSM:

  1. Navigate to the AWS CloudHSM console at https://console.aws.amazon.com/cloudhsm.
  2. Click Create Cluster.
  3. In the Cluster configuration section, select the VPC and the Subnet in the Availability Zone (AZ) of your SignServer instance.
  4. Wait for the cluster creation process to complete.
  5. Once the cluster has been created, it is in the Uninitialized state. Click Initialize.
  6. Choose an Availability Zone (AZ) in which to create the HSM.
  7. Click Create and wait for the HSM to be created. Click Refresh after a few minutes.
  8. Once the HSM has been created, the wizard shows it and lets you continue by clicking Next.
  9. Use the links shown to download the certificate signing request (CSR) and the certificates from the HSM cluster; they are used to authenticate the HSM.
  10. The certificates are used in the next step, see Use OpenSSL to Validate the HSM.
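The same procedure can be driven from the AWS SDK instead of the console. The script below is an added example, not part of the SignServer documentation: it creates the cluster, waits for it to become Uninitialized, creates the first HSM, and then saves the CSR and hardware certificates that the OpenSSL validation step needs. It assumes boto3 is installed with credentials that allow CloudHSM calls, and that `hsm1.medium` is the wanted HSM type; the subnet and AZ values are placeholders.

```python
"""Provision a CloudHSM cluster plus its first HSM with boto3 and fetch the
CSR and certificates used to validate the HSM (added example; assumes boto3
and AWS credentials are configured, hsm1.medium is the assumed HSM type)."""
import time

CLUSTER_UNINITIALIZED = "UNINITIALIZED"  # cluster state once creation finishes
HSM_ACTIVE = "ACTIVE"                    # HSM state once provisioning finishes
# DescribeClusters returns these four values after the first HSM is created.
CERT_KEYS = ("ClusterCsr", "HsmCertificate",
             "AwsHardwareCertificate", "ManufacturerHardwareCertificate")


def find_cluster(describe_response, cluster_id):
    """Pick one cluster out of a DescribeClusters response."""
    for cluster in describe_response.get("Clusters", []):
        if cluster.get("ClusterId") == cluster_id:
            return cluster
    raise LookupError(f"cluster {cluster_id} not found")


def hsm_states(cluster):
    """Map HsmId -> State for every HSM in the cluster."""
    return {h["HsmId"]: h["State"] for h in cluster.get("Hsms", [])}


def extract_certificates(cluster):
    """Return the CSR and certificates; fail loudly if any is not yet present."""
    certs = cluster.get("Certificates", {})
    missing = [k for k in CERT_KEYS if not certs.get(k)]
    if missing:
        raise ValueError(f"cluster {cluster.get('ClusterId')} in state "
                         f"{cluster.get('State')}: missing {missing}")
    return {k: certs[k] for k in CERT_KEYS}


def wait_until(poll, predicate, timeout=1800, interval=30):
    """Call poll() until predicate(result) is true or the timeout expires."""
    deadline = time.monotonic() + timeout
    while True:
        value = poll()
        if predicate(value):
            return value
        if time.monotonic() > deadline:
            raise TimeoutError("CloudHSM resource did not reach expected state")
        time.sleep(interval)


def provision(subnet_id, availability_zone, hsm_type="hsm1.medium"):
    import boto3  # imported here so the helpers above need no AWS access
    client = boto3.client("cloudhsmv2")
    cluster_id = client.create_cluster(
        HsmType=hsm_type, SubnetIds=[subnet_id])["Cluster"]["ClusterId"]
    describe = lambda: find_cluster(
        client.describe_clusters(Filters={"clusterIds": [cluster_id]}), cluster_id)
    wait_until(describe, lambda c: c["State"] == CLUSTER_UNINITIALIZED)
    client.create_hsm(ClusterId=cluster_id, AvailabilityZone=availability_zone)
    cluster = wait_until(describe, lambda c: HSM_ACTIVE in hsm_states(c).values())
    certs = extract_certificates(cluster)
    for name, pem in certs.items():        # e.g. ClusterCsr.pem for OpenSSL
        with open(f"{name}.pem", "w") as fh:
            fh.write(pem)
    return cluster_id, certs
```

Call `provision("subnet-PLACEHOLDER", "eu-west-1a")` with your own subnet and AZ; the written `.pem` files are the inputs for the OpenSSL validation step.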