Securosys HSM Configuration

For detailed instructions and specific configuration steps, refer to the documentation provided by Securosys and Secret Server. If you encounter any issues or need further assistance, both companies offer support services to help with the integration process.

Download and install the latest version of MS CNG/KSP Provider:

Install the enclosed msi package.
- Leave the “Launch the Key Storage Provider Configuration” checked.
Select New to create a new connection.
Enter the connection settings and your credentials provided in the support ticket.
Select OK to save the connection settings.
- You should see the connection listed in the connections table.
Select Test connection.
The indicator in the connections table should turn green and have the status OK.

Download the CNG/KSP Provider User Guide from the support site to learn more.

Download and install the latest version of PKCS#11:

Download the latest version of PKCS#11 for Windows or for Linux from the support portal: PKCS#11 Provider (API) Software Downloads.
1. On Windows, launch Primus PKCS#11 .msi.
2. On Linux, follow the section notes as Linux Installation from the Primus HSM PKCS#11 Provider User Guide found on the support website.
When the installation is finished, open primus.cfg for editing.
1. Windows default location is \Program Files\Securosys\PrimusP11\primus.cfg
2. Linux default location is /usr/local/primus/etc/primus.cfg
Configure one HSM by updating the host, port, and username. Remove the proxy_password.
Use ppin utility to connect to the HSM and extract and save the user secret.
1. Run the terminal as an Administrator
2. Change the directory to the PrimusP11 installation path where ppin (Linux) or ppin.exe (Windows) is located
3. Type pin -a -e <YOUR_USERNAME>
4. Enter your setup password and PKCS11 password from the support ticket.
You should see the following message displayed: User has permanent secret configured.

Download the Primus HSM PKCS#11 Provider User Guide from the support site to learn more.