View PDF
Additional ADC configuration
-
Generate a key on the HSM.
Use third party tools to create keys on the HSM.
-
Add an HSM key on the ADC.
Important! The # character is not supported in a key name. If the key name include this character, the load key operation fails.
To add a Safenet HSM key by using the CLI:
At the command prompt, type:
add ssl hsmkey <KeyName> -hsmType SAFENET -serialNum <serial #> -passwordwhere:
-keyName is the key created on the HSM by using third party tools.
-serialNum is the serial number of the partition on the HSM on which the keys are generated.
Note: For HSM in a high availability setup, use the serial number of the high availability group.
-password is the password of the partition on which the keys are present.
To add a Safenet HSM key by using the GUI:
Navigate to Traffic Management > SSL > HSM and add an HSM key. You must specify the HSM Type as SAFENET.
-
Add a certificate-key pair on the ADC. You must first use a third party tool to generate a certificate associated with the key. Then, copy the certificate to the /nsconfig/ssl/ directory on the ADC.
Note: The key must be an HSM key.
To add a certkey pair on the ADC by using the CLI:
At the command prompt, type:
add ssl certkey <CertkeyName> -cert <cert name> -hsmkey <KeyName>To add a certkey pair on the ADC by using the GUI:
- Navigate to Traffic Management > SSL.
- In Getting Started, select Install Certificate (HSM) and create a certificate-key pair using an HSM key.
-
Create a virtual server and bind the certificate-key pair to this virtual server.
For information about creating a virtual server, click SSL virtual server configuration.
For information about adding a certificate-key pair, click Add or update a certificate-key pair.
For information about binding a certificate-key pair to an SSL virtual server, click Bind the certificate-key pair to the SSL virtual server.