Supported HSMs

Thales nFast Connect 6000

To enable debugging, specify the following parameters in /opt/nfast/cknfastrc:

# CKNFAST_OVERRIDE_SECURITY_ASSURANCES=weak_des;silent;tokenkeys;explicitness
CKNFAST_DEBUG=9
CKNFAST_DEBUGFILE=/tmp/nethsm.log

Then restart the service:

$ /etc/init.d/nc_hardserver restart

Gemalto Luna SA

To enable RSA key generation add the following parameter in /etc/Chrystoki.conf:

Misc = {
   RSAKeyGenMechRemap = 1;
}

Nitrokey HSM

See Nitrokey HSM.

SoftHSM

See SoftHSM.

HSM Failover

See Configuring HSM Failover.

References

• NSS
• PKCS11
• OpenSSL Integration Guide