13.5.6 Using netHSM for the Signing Key Pair

netHSM is a Hardware Security Module (HSM) from nCipher. The module is attached to the network and provides cryptographic resources for multiple servers. Keys stored in a netHSM keystore are secure because the key material can never be exposed outside of the module.

Access Manager has not been tested with any other HSM products. It supports only the netHSM module from nCipher.

Figure 13-1 illustrates a simple netHSM configuration with an Identity Server as a netHSM client.

Figure 13-1 A Simple netHSM Configuration

You can use netHSM to store and manage the signing key pair of Identity Server. You must use Administration Console to store and manage all other Access Manager certificates. Access Manager uses the Java Security provider supplied with the netHSM server to interact with the netHSM server.

This section describes the following topics:

NOTE: This implementation uses a single netHSM signing certificate. For information about how to use multiple signing certificates, see Using Multiple External Signing Certificates.