Additional Security

Since SecurityServer release 4.10, the CryptoServer HSM can also authenticate itself to the user/host application, so your application running in an AWS VM can be sure it is talking to the right HSM. To enable this feature, export the public HSM authentication key to a file:

Console:

csadm GetHSMAuthKey > hsmkey.txt

We recommend performing this operation on-premises, as close as possible to the HSM, and then copying the resulting file to the VM. On the VM, set the environment variable CS_AUTH_KEYS to the file path.

Now, each time an application authenticates against the HSM, the HSM must also authenticate against the application (“mutual authentication”). To check this, rename or move the file, or change the CSxxxxxx number in the file: an error will then occur when you try csadm Login….
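
One way to check, before the application starts, that the file CS_AUTH_KEYS points to is still the one exported on-premises. This is an added example, not vendor code: the function name check_hsm_auth_key, its return codes and the pinned SHA-256 digest are assumptions, and the key file is treated as opaque data.

```shell
#!/bin/sh
# Added example: preflight check for the HSM authentication key file.
# Assumptions (not from the vendor documentation): a Linux VM with sha256sum,
# and a SHA-256 digest of hsmkey.txt recorded on-premises when it was exported.
#
# Usage: check_hsm_auth_key "<digest recorded on-premises>" || exit 1

# check_hsm_auth_key [expected_sha256]
# Returns 0 if the file named by CS_AUTH_KEYS passes all checks, else:
#   1 = CS_AUTH_KEYS unset (no HSM authentication key configured)
#   2 = file missing, unreadable or empty
#   3 = file writable by group or others (could be swapped on the VM)
#   4 = digest differs from the value recorded on-premises
check_hsm_auth_key() {
    expected="${1:-}"
    keyfile="${CS_AUTH_KEYS:-}"

    [ -n "$keyfile" ] || { echo "CS_AUTH_KEYS is not set" >&2; return 1; }
    [ -r "$keyfile" ] && [ -s "$keyfile" ] || {
        echo "key file missing, unreadable or empty: $keyfile" >&2; return 2; }

    # The key file is the trust anchor for the HSM's identity: anyone who can
    # rewrite it can make the application accept a different HSM.
    loose=$(find -L "$keyfile" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "key file is group/world writable" >&2; return 3; }

    # Optional pin: compare against the digest taken next to the HSM.
    if [ -n "$expected" ]; then
        actual=$(sha256sum "$keyfile" | cut -d' ' -f1)
        [ "$actual" = "$expected" ] || {
            echo "key file digest mismatch" >&2; return 4; }
    fi
    return 0
}
```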