Skip to main content

Updating CNG/KSP Provider

In some cases, the CNG/KSP Provider requires updating to use new HSM functionality. The update procedure depends on the versions already installed and to be installed:

Procedure when updating to from …V1.2x (Legacy Installer)V1.3x or newer (MSI Package)
V1.2x or olderUpdate procedure (see Updating from CNG/KSP Provider V1.2x): - uninstall old version
- install new version
- configure KSP again		Upgrade procedure (see Updating from CNG/KSP Provider V1.2x):
- uninstall old version
- install new version
- configure KSP again
V1.3x or newer(downgrade requires deinstallation of the installed provider)Update procedure (see Updating from CNG/KSP Provider V1.3x):
- apply new MSI package (keeps current configuration)

General Prerequisites

  • Download the latest (or required) CNG/KSP Provider and corresponding release notes from the Securosys support portal.
  • Carefully consult the CNG (and HSM) release notes concerning changes, dependencies and incompatibility issues.
  • If upgrading from a version V1.32, consult Key Accessibility regarding key accessibility.
  • Validate the update for application compatibility in a non-productive test environment.
  • Obtain the necessary administrator rights for the update procedure.
  • Obtain any necessary credentials (or people) in case of Windows server restart.
  • Allocate a maintenance slot for the update procedure.

Updating from CNG/KSP Provider V1.3x

  • Apply the new MSI package (interactive or via MS group policy) to update an existing CNG/KSP Provider V1.3x or newer. By default, the existing configuration will be retained.
  • In case of Registry Access Hardening : check/reapply the hardening steps according to Registry Access Hardening.

Updating from CNG/KSP Provider V1.2x

Additional Prerequisites

  • Take note of the existing CNG/KSP configuration values of the Securosys "Key Storage Provider Configuration" tool: Identifier, Hostname, Port Number, Priority and Global Parameters.
  • Obtain the HSM (and Proxy) Credentials from your responsible Security Officer (eventually he will generate a new setup password as this credential has limited validity)

Update Procedure

Updating an existing installation currently requires uninstallation of the present CNG/KSP Provider, thus losing any configuration settings and requesting (sometimes) a Windows restart. After a successful uninstall proceed with a new installation as shown in chapter Installation.