Skip to main content

Updating CNG/KSP Provider

In certain cases, the CNG/KSP Provider may need to be updated to benefit from new HSM functionalities.

The update procedure depends on the currently installed versions and the versions to be installed:

Procedure when updating to from …V1.2x (Legacy Installer)V1.3x or newer (MSI Package)
V1.2x or olderUpdate procedure (see Updating from CNG/KSP Provider V1.2x): - uninstall old version
- install new version
- configure KSP again		Upgrade procedure (see Updating from CNG/KSP Provider V1.2x):
- uninstall old version
- install new version
- configure KSP again
V1.3x or newer(downgrade requires deinstallation of the installed provider)Update procedure (see Updating from CNG/KSP Provider V1.3x):
- apply new MSI package (keeps current configuration)

General Prerequisites

  • Download the latest (or required) CNG/KSP Provider and corresponding release notes..
  • Carefully consult the CNG (and HSM) release notes concerning changes, dependencies and incompatibility issues.
  • If upgrading from a version V1.32, consult the Key Accessibility section.
  • Validate the update for application compatibility in a non-productive test environment.
  • Get the necessary administrator rights for the update procedure.
  • Collect any necessary credentials (or people) in case of Windows server restart.
  • Allocate a maintenance slot for the update procedure.

Updating from CNG/KSP Provider V1.3x

  • Apply the new MSI package (interactive or via MS group policy) to update an existing CNG/KSP Provider V1.3x or newer. By default, the existing configuration will be retained.
  • In case of Registry Access Hardening, check/reapply the hardening steps according to this section.

Updating from CNG/KSP Provider V1.2x

Additional Prerequisites

  • Take note of the existing CNG/KSP configuration values of the Securosys "Key Storage Provider Configuration" tool: Identifier, Hostname, Port Number, Priority and Global Parameters.
  • Obtain the HSM (and Proxy) Credentials from your responsible Security Officer (he will eventually generate a new setup password as this credential has limited validity).

Update Procedure

Updating an existing installation requires uninstalling the current CNG/KSP Provider, which may result in the loss of configuration settings and could necessitate a Windows restart.

After a successful uninstall, please proceed with a new installation as shown in the Installation chapter.