Since SecurityServer release 4.10, the CryptoServer HSM can also authenticate against the user/host application. Thus, your application running in an Azure VM can be sure that it is talking to the right HSM. To enable this feature, export the public HSM authentication key to a file:
|
›_ Console |
|---|
|
We recommend performing this operation on-premises, as close as possible to the HSM, and copying the resulting file to the VM. On the VM, set the environment variable CS_AUTH_KEYS to the file path.
Now, each time an application wants to authenticate against the HSM, the HSM also needs to authenticate against the application (“mutual authentication”). You can check this by renaming or moving the file, or by changing the CSxxxxxx number in the file; an error will occur when you try csadm Login….
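The file named by CS_AUTH_KEYS is the reference the application uses to authenticate the HSM, so it is worth checking on the VM that the copy is intact before relying on it. The following pre-flight check is an added example, not part of the vendor documentation; it assumes a Linux VM, and the function names and the idea of recording a SHA-256 digest on-premises right after the export are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the HSM authentication key file.
# Assumes a Linux VM with sha256sum (or shasum). The expected digest is
# recorded on-premises after the export and carried to the VM separately.

file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_cs_auth_keys EXPECTED_SHA256
# Returns: 0 ok, 1 variable unset, 2 not a readable regular file,
#          3 writable by group/others, 4 digest mismatch.
check_cs_auth_keys() {
    expected=$1
    f=${CS_AUTH_KEYS:-}
    if [ -z "$f" ]; then
        echo "CS_AUTH_KEYS is not set" >&2
        return 1
    fi
    # Reject symlinks so the path cannot be redirected to another file.
    if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "CS_AUTH_KEYS does not name a readable regular file: $f" >&2
        return 2
    fi
    # Characters 6 and 9 of the ls mode string are the group/other write bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ?????w????|????????w?)
            echo "key file is writable by group or others: $mode" >&2
            return 3 ;;
    esac
    actual=$(file_sha256 "$f")
    if [ "$actual" != "$expected" ]; then
        echo "key file digest differs from the on-premises value" >&2
        return 4
    fi
    return 0
}
```

Call `check_cs_auth_keys <digest-recorded-on-premises>` from the service start script and refuse to start the application on any non-zero return.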