Getting started with Keyfactor EJBCA

The quickstart section provides a comprehensive guide outlining the steps necessary to integrate Keyfactor EJBCA with Securosys CloudHSM or on-premises Primus HSMs.

Installing & Configuring Primus PKCS#11 Provider

If you are going to use the legacy PKCS#11 API instead of the Securosys REST API, make sure to install the latest version of the Primus PKCS#11 Provider on the device where EJBCA is already installed.

Follow the instructions in PKCS#11 Provider Installation.

Configure the Primus PKCS#11 Provider by adapting the configuration file primus.cfg according to your set-up.

info

Consult Primus PKCS#11 User Guide - Configuration for configuration file locations.

HSM Setup and Configuration

Follow the instructions provided in HSM Setup and Configuration.

Configure EJBCA Settings

Configure the EJBCA settings to integrate with the Primus PKCS#11 Provider. For more information visit Installation - Configure EJBCA for the Primus PKCS#11 Provider

Create a Crypto Token on the HSM

Deploy the EJBCA with the newly configured settings and integrate the HSM by Creating a New Crypto Token on it that utilizes either the legacy PKCS#11 API or the Securosys REST API.

Installing & Configuring Primus PKCS#11 Provider​

HSM Setup and Configuration​

Configure EJBCA Settings​

Create a Crypto Token on the HSM​

Installing & Configuring Primus PKCS#11 Provider

HSM Setup and Configuration

Configure EJBCA Settings

Create a Crypto Token on the HSM