Entrust Technical Integration Guide for Entrust Security Manager 8.1 and SafeNet Luna HSM 5.4

Similar documents
Microsoft IIS Integration Guide

Microsoft SQL Server Integration Guide

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Preface. Limitations. Disclaimers. Technical Support. Luna SA and IBM HTTP Server/IBM Web Sphere Application Server Integration Guide

Preface. Microsoft Office Sharepoint Server 2007 Integration Guide SafeNet, Inc. All rights reserved. Part Number: (Rev A, 06/2009)

Active Directory Rights Management Service Integration Guide

PrivateServer HSM Integration with Microsoft IIS

How To Manage A Password Protected Digital Id On A Microsoft Pc Or Macbook (Windows) With A Password Safehouse (Windows 7) On A Pc Or Ipad (Windows 8) On An Ipad Or Macintosh (Windows 9)

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Apache HTTP Server Integration Guide

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

DIGIPASS CertiID. Getting Started 3.1.0

Integration Guide. CyberArk Microsoft Windows

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server

EMC Data Protection Search

How To Use Cmk On An Ipa (Intralinks) On A Pc Or Mac Mac (Apple) On An Iphone Or Ipa On A Mac Or Ipad (Apple Mac) On Pc Or Ipat (Apple

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

PDF Signer User Manual

PrivyLink Cryptographic Key Server *

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Polar Help Desk Installation Guide

Technical Integration Guide for Entrust IdentityGuard 9.1 and Citrix Web Interface using RADIUS

IBM Software Information Management Creating an Integrated, Optimized, and Secure Enterprise Data Platform:

Acronis Storage Gateway

Integration Guide. SafeNet Authentication Client. Using SAC CBA for Check Point Security Gateway

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

Configuration Guide. SafeNet Authentication Service AD FS Agent

SafeNet Authentication Manager Express. Upgrade Instructions All versions

Integration Guide. SafeNet Authentication Client. Using SAC with Putty-CAC

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

4.0. Offline Folder Wizard. User Guide

Smart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER

Applying Cryptography as a Service to Mobile Applications

BrightStor ARCserve Backup for Linux

Certification Report

SafeNet Cisco AnyConnect Client. Configuration Guide

X.509 Certificate Generator User Manual

Server Installation ZENworks Mobile Management 2.7.x August 2013

Thales ncipher modules. Version: 1.2. Date: 22 December Copyright 2009 ncipher Corporation Ltd. All rights reserved.

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

Check Point FDE integration with Digipass Key devices

ncipher Modules Integration Guide for Axway Validation Authority Server 4.11 (Responder)

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Acronis Backup & Recovery 11

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Integration Guide. Microsoft Internet Information Services (IIS) 7.0 and ncipher Modules. Windows Server 2008 (32-bit and 64-bit)

Radius Integration Guide Version 9

Introduction to Version Control in

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Certificate Management

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Public Key Infrastructure (PKI)

IDENTIKEY Server Windows Installation Guide 3.2

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

ORACLE OPS CENTER: PROVISIONING AND PATCH AUTOMATION PACK

IBM Tivoli Remote Control

LumInsight CMS Installation Guide

SafeNet KMIP and Amazon S3 Integration Guide

docs.rackspace.com/api

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Integration Guide Microsoft Internet Information Services (IIS) 7.5 Windows Server 2008 R2

Subversion Server for Windows

ncipher modules Integration Guide for Microsoft Windows Server 2008 Active Directory Certificate Services Windows Server bit and 64-bit

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

PrivateServer HSM EKM Provider for Microsoft SQL Server

Dell One Identity Manager 7.0. Help Desk Module Administration Guide

AKIPS Network Monitor User Manual (DRAFT) Version 15.x. AKIPS Pty Ltd

Acronis Backup & Recovery 11.5

Certification Report

Data Protection: From PKI to Virtualization & Cloud

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release [August] [2014]

Remote Control Tivoli Endpoint Manager - TRC User's Guide

Overview of Luna High Availability and Load Balancing

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Managed Portable Security Devices

Front-Office Server 2.7

IDENTIKEY Server Windows Installation Guide 3.1

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Mobile App User's Guide

EMC Celerra Version 5.6 Technical Primer: Control Station Password Complexity Policy Technology Concepts and Business Considerations

Symantec Managed PKI. Integration Guide for ActiveSync

Host OS Compatibility Guide

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Solid IT Networks - DIR-SDD-1473 Please contact your Solid IT sales rep or dirsales@soliditnetworks.com for a quote specific to your needs

Quick Connect Express for Active Directory

Symantec Protection Engine for Cloud Services 7.0 Release Notes

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

Altiris Monitor Pack for Servers 7.1 SP2 from Symantec Release Notes

Alliance Key Manager Cloud HSM Frequently Asked Questions

IBM WEBSPHERE LOAD BALANCING SUPPORT FOR EMC DOCUMENTUM WDK/WEBTOP IN A CLUSTERED ENVIRONMENT

SafeNet Authentication Service

Quest vworkspace Virtual Desktop Extensions for Linux

Transcription:

Entrust Technical Integration Guide for Entrust Security Manager 8.1 and SafeNet Luna HSM 5.4 July 2015

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. Copyright 2014. Entrust. All rights reserved.

Table of Contents Introduction... 1 Entrust Product Information... 1 Entrust Authority... 1 Partner Product Information... 1 Luna HSM... 1 Integration Overview... 1 Integration Details... 2 Luna HSM 5.4 with Entrust Security Manager 8.1... 2 System Behavior/Limitations... 4 Partner Contact Information... 5 Additional Information... 5 All rights reserved. - i -

Introduction This technical integration guide provides an overview of how to integrate Entrust Security Manager with Luna HSM 5.4 The Entrust/Authority serves as the Certification Authority in an Entrust infrastructure. Although it can operate in software mode, it can optionally use hardware devices where cryptographic operations and key storage are performed. Entrust Product Information Entrust Authority By managing the full lifecycles of certificate-based digital identities, Entrust Authority enables encryption, digital signature and authentication capabilities to be consistently, transparently applied across a broad range of applications and platforms. Partner Product Information Partner Name: SafeNet Inc. Website: www.safenet-inc.com Product Name: Luna HSM Product Version: 5.4 Platform and Service pack: Linux, Windows 2008 R2, Windows 2012 R2 Luna HSM Product description: Luna HSMs are tamper resistant Hardware Security Modules that securely protect key materials within FIPS certified modules. The Luna HSMs come in several configurations and in 3 form factors: Luna SA a scalable 1u rack mountable appliance Luna PCI-E a high performance PCI-E card Luna G5 a small USB-attached HSM for offline root CAs. Integration Overview Entrust Security Manager serves as the Certification Authority in an Entrust infrastructure. When using it in hardware mode, you can use the Luna HSMs for cryptographic operations and key storage. Among the operations performed on hardware devices are: Secure generation, storage and protection of the CA signing private key Signing of certificates and CRL s using the CA signing private key Entrust Authority utilizes the following APIs: PKCS #11. All rights reserved. - 1 -

Integration Details Luna HSM 5.4 with Entrust Security Manager 8.1 Installation Overview This section describes how to integrate new installations of Entrust Authority Security Manager 8.1 with Luna HSMs. Note that in the following discussion, there will be Entrust Authority Security Manager Server, and Luna HSM SA/Luna PCI/Luna G5 configured with Entrust Authority Security Manager Server machine. For the purpose of this discussion, the Entrust system assumes the role of Client to the Luna HSM. Preparing the Luna HSM i. Install the Luna Client software on the Entrust/PKI server prior to the installation of Entrust software. Refer to the SafeNet Luna HSM documentation. ii. Ensure that one HSM Partition is created on the Luna HSM and that it has the appropriate policies for your situation. Refer to the SafeNet Luna HSM documentation. The HSM Partition Password/login secret will be used during the Entrust installation. Confirm that the Luna HSM Partition can be accessed with the HSM Partition Password that you can login to the partition. If you are using a PED-Auth HSM, ensure that the partition is activated. iii. Entrust is 32 bit application so on Windows 2008 R2 & Windows 2012 R2 update chrystoki.ini file to point to 32 bit Luna HSM library. chrystoki.ini is located at C:\Program Files\SafeNet\LunaClient All rights reserved. - 2 -

For example: [Chrystoki2] LibNT= C:\Program Files\SafeNet\LunaClient\win32\cryptoki.dll Installing Entrust Security Manager 8.1 with Luna i. Install Entrust Security Manager 8.1, following Entrust documentation. ii. Run the Entrust Security Manager 8.1 Configuration Utility. At the point where you choose whether to store keys in hardware or in software, select hardware. Point to the Luna HSM library path /usr/safenet/lunaclient/lib/libcryptoki2.so on Linux C:\Program Files\SafeNet\LunaClient\win32\cryptoki.dll on Windows iii. iv. Entrust Configuration Utility presents the option to use SafeNet Luna hardware, and displays the HSM s serial number. Select the correct HSM Continue with the Configuration until complete. v. Initialize Entrust Security Manager following Entrust documentation. vi. vii. Entrust Security Manager detects hardware and requests for the hardware password. Enter the HSM Partition s Partition Password/login secret. Entrust Security Manager generates the CA keys on the Luna HSM. All rights reserved. - 3 -

System Behavior/Limitations 1. While running entsh on RHEL if it gives segmentation fault kindly go to directory /opt/entrust/authdata/ca and execute following command (Note the space between two full stops): #../env_settings.sh 2. Luna 5.4 does not support CAST5-CBC-128 for Database Hardware Encryption Protection. All rights reserved. - 4 -

Partner Contact Information Sales Contact: (800) 533-3958 Support Contact: (800) 545-6608 Please check PSIC for the latest supported version information at: https://www.entrust.com/support/psic/index.cfm Additional Information The SafeNet Luna family of products comprises range of hardware security solutions for digital identity applications. Luna products feature true hardware key management to maintain the integrity of encryption keys. Sensitive keys are created, stored, and used exclusively within the secure confines of the Luna hardware security module (HSM) to prevent compromise. To learn more about the SafeNet Luna SA product, view the following web site link where additional product information can be found: http://www.safenet-inc.com/hardware_security_modules/lunasa.aspx All rights reserved. - 5 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information