Configuring the SafeNet Luna Cloud HSM (DPoD)

For a detailed integration guide, click here

Setting the Environment Variables

  1. Open a cmd prompt as Administrator.

  2. Navigate to the installation folder.

  3. Run setenv.

    • It will create and set the env variable: ChrystokiConfigurationPath with the path of the crystoki.ini.

To configure the SafeNet Key Storage Provider (KSP):

  1. Go to the SafeNet HSM Client installation Directory\KSP directory. If using an HSMoD service, the KSP folder is available in the service client package.

  2. Double-click KspConfig.exe. The SafeNet KSP configuration wizard displays.

  3. Double-click Register or View Security Library on the left side of the pane.

  4. Select Browse.

  5. Select a cryptographic library, such as SafeNet HSM Client installation Directory\cryptoki.dll.

  6. Select Register.

  7. If using an HSMoD service, the cryptographic libraries are available in the service client package. On successful registration, the following message is displayed: Success registering the security library.

  8. Double-click Register HSM Slots on the left side of the pane.

  9. Type the Slot (Partition) password.

  10. Select the Register Slot option to register the slot for Domain\User. On successful registration, the following message is displayed: The slot was successfully and securely registered.

    11. Capitalization matters. The KSP user and Secret Server IIS application pool user should match exactly.

  11. Register the same slot for NT_AUTHORITY\SYSTEM.

  12. If using the HSMoD service, place SafeNetKSP.dll in C:\Windows\System32.

  13. Restart the IIS after registering KSP for changes to take effect.

    After successfully configuring the HSM, you can proceed to enable it. For detailed instructions, click here.