Create a CloudHSM Cluster
AWS CloudHSM provides Hardware Security Modules (HSMs) in a cluster, a collection of individual HSMs that AWS CloudHSM keeps in sync.
When you create a cluster, you specify an Amazon Virtual Private Cloud (VPC) and a Subnet in the Availability Zone (AZ) of your instance. You then create an HSM in your cluster, selecting an Availability Zone (AZ) for the creation of the HSM.
Follow the steps below to create a cluster and an HSM:
- Navigate to the AWS CloudHSM console on https://console.aws.amazon.com/cloudhsm.
- Click Create Cluster.
- In the Cluster configuration section, select the VPC and Subnet in the Availability Zone (AZ) of your SignServer Instance.
- Wait for the cluster creation process to complete.
- Once it's completed, the cluster will be in an Uninitialized state. Click Initialize.
- Choose an Availability Zone (AZ) to create the HSM in.
- Click Create and wait for the HSM to be created. Click refresh after a few minutes.
- Once completed, the wizard will show you the HSM created and allow you to continue by clicking Next.
Links appear to download a certificate signing request (CSR) from the HSM cluster to authenticate it.
The certificates are used in the next step, see Use OpenSSL to Validate the HSM.
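The console steps above can be cross-checked from the command line before moving on to the CSR. The following is an added example, not part of the SignServer documentation: it inspects JSON shaped like the output of `aws cloudhsmv2 describe-clusters` and reports anything that does not match the state this procedure should leave behind. The function name `preflight`, the sample data and all IDs are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws cloudhsmv2 describe-clusters` output
# after the HSM has been created. All IDs and the CSR body are placeholders.
SAMPLE = json.loads("""
{"Clusters": [{
  "ClusterId": "cluster-EXAMPLE",
  "State": "UNINITIALIZED",
  "VpcId": "vpc-EXAMPLE",
  "SubnetMapping": {"us-east-1a": "subnet-EXAMPLE"},
  "Hsms": [{"HsmId": "hsm-EXAMPLE", "AvailabilityZone": "us-east-1a",
            "SubnetId": "subnet-EXAMPLE", "State": "ACTIVE"}],
  "Certificates": {"ClusterCsr": "-----BEGIN CERTIFICATE REQUEST-----\\n(placeholder)\\n-----END CERTIFICATE REQUEST-----"}
}]}
""")


def preflight(response, cluster_id, instance_vpc, instance_az):
    """Return a list of problems; an empty list means the CSR step can proceed."""
    cluster = next((c for c in response.get("Clusters", [])
                    if c.get("ClusterId") == cluster_id), None)
    if cluster is None:
        return [f"cluster {cluster_id} not found"]
    subnets = cluster.get("SubnetMapping", {})  # AZ name -> subnet ID
    problems = []
    if cluster.get("VpcId") != instance_vpc:
        problems.append("cluster is not in the SignServer instance's VPC")
    if instance_az not in subnets:
        problems.append(f"cluster has no subnet in {instance_az}")
    if cluster.get("State") != "UNINITIALIZED":
        problems.append(f"unexpected cluster state {cluster.get('State')}")
    active = [h for h in cluster.get("Hsms", []) if h.get("State") == "ACTIVE"]
    if not active:
        problems.append("no HSM in ACTIVE state yet; wait and refresh")
    for h in active:
        if h.get("SubnetId") != subnets.get(h.get("AvailabilityZone")):
            problems.append(f"HSM {h.get('HsmId')} is outside the cluster's subnets")
    csr = cluster.get("Certificates", {}).get("ClusterCsr", "")
    if "BEGIN CERTIFICATE REQUEST" not in csr:
        problems.append("cluster CSR not available yet")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE, "cluster-EXAMPLE", "vpc-EXAMPLE", "us-east-1a") or ["ok"]:
        print(line)
```

To use it against a real cluster, replace `SAMPLE` with the parsed output of `aws cloudhsmv2 describe-clusters` and pass the VPC and AZ of your SignServer instance.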