Before you begin:
- Ensure that the u.trust GP HSM is set up and configured. Ensure the HSM is initialized, reachable, and operational. Refer to the u.trust GP HSM documentation for setup instructions.
- Ensure that the default administrative credentials are replaced. Replace the default admin user with a secure, custom admin user.
- Ensure that the Master Backup Key (MBK) is generated and securely stored. The MBK must be created and stored across the HSM devices as per best practices.
- Ensure that the Supported Operating System is installed. Ensure the host system is running a supported OS as listed in the Tested Versions section (e.g., RHEL 9 or above).
- Ensure that the Utimaco SecurityServer is installed and configured. The SecurityServer version must match the tested version (e.g., v6.5.0), and the HSM should be accessible via the client tools.
- Ensure that the PKCS#11 interface is configured and validated. The Utimaco PKCS#11 library (R3 module) must be installed and correctly configured. Verify access to the HSM using tools such as pkcs11-tool.
- Ensure that the Cloudflare account with Keyless SSL is enabled. Ensure the domain is onboarded to Cloudflare and the Keyless SSL feature is available/enabled in your account.
- Ensure that the network connectivity and firewall rules are configured. Ensure that port 2407 is open (default GoKeyless service port). Outbound/inbound connectivity between Cloudflare edge and GoKeyless server must be allowed.
- Ensure there is root/administrative access to the host server. This is required for installing GoKeyless, configuring services, and managing certificates.
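
The PKCS#11 and port 2407 items above can be checked from the host with a short script. This is an added example, not part of the vendor procedure: `PKCS11_MODULE` is a placeholder for the Utimaco library path, `ss` from iproute2 is assumed to be installed, and the listener check only applies once the GoKeyless service is running.

```shell
#!/bin/sh
# Added example (not vendor code). PKCS11_MODULE is a placeholder for the
# path of the Utimaco PKCS#11 library on your host.

# Reads `pkcs11-tool --list-slots` output on stdin; succeeds if a token is
# reported. Assumes OpenSC's "token label : ..." line format.
token_present() {
    grep -Eq '^[[:space:]]*token label[[:space:]]*:'
}

# Reads `ss -ltn` output on stdin; succeeds if port $1 has a listener bound
# to something other than loopback, so a remote peer can reach it.
listening_non_loopback() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":"); p = part[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && addr !~ /^(127\.|\[::1\])/) found = 1
        }
        END { exit !found }'
}

# Live checks on the GoKeyless host.
preflight() {
    rc=0
    pkcs11-tool --module "${PKCS11_MODULE:?set PKCS11_MODULE}" --list-slots \
        | token_present || { echo "FAIL: no token visible via PKCS#11"; rc=1; }
    ss -ltn | listening_non_loopback 2407 \
        || { echo "FAIL: no non-loopback listener on 2407"; rc=1; }
    return "$rc"
}

# Constructed sample: a listener bound to loopback only must be rejected.
if printf 'LISTEN 0 128 127.0.0.1:2407 0.0.0.0:*\n' | listening_non_loopback 2407
then echo "sample: reachable"; else echo "sample: loopback only"; fi
```

Source the file and run `preflight` with `PKCS11_MODULE` set; a non-zero return means at least one check failed.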