SafeNet AT Luna

EJBCA and Luna SA HSM Integration

EJBCA supports using the SafeNet AT Luna SA for Government HSM to secure the private keys for Certification Authorities (CAs).

EJBCA uses Crypto Tokens to manage the keys for signing, decrypting and test functions. With the SafeNet AT Luna Client installed and configured, the keys in the Crypto Token can be created and stored in the HSM for higher security.

Prerequisites

To configure EJBCA to use the SafeNet AT Luna SA HSM, the following prerequisites must be met:

  • EJBCA Enterprise installed on a server.

  • SafeNet AT Luna Client installed on the server running EJBCA and configured according to the SafeNet AT Luna Client installation guide.

  • SafeNet AT Luna HSM installed and operational with two partitions created for EJBCA, one each for the Root and Subordinate CAs.

  • Network Trust Link (NTL) established between the Luna Client and the Luna HSM.

For integration instructions, refer to SafeNet AT's Integration Guide: PrimeKey EJBCA Enterprise and Luna SA HSM for Government.

Note that the attached integration guide is revision B of the document, tested on EJBCA 7.0.1.1 and Luna SA Appliance 5.4.7-3, Firmware 6.10.7, Client 5.4.9. For later revisions of the integration guide, refer to the SafeNet AT Support Portal.