Configure nShield Hardware Security Modules
This topic describes how to set up Hardware Security Modules (HSM) from Entrust (formerly nCipher) for use with the Gateway.
This section describes how to set up Hardware Security Modules (HSM) from Entrust for use with the
Layer7 API Gateway. Learn more:
Gateway version 10.1 Users
nShield HSM users who plan to upgrade to Gateway version 10.1 or higher MUST upgrade their nShield client to version 12.70.4. If you are upgrading to 10.1 for the first time, the Gateway version 10.1 .L7P patch file shall automatically uninstall any older versions of the nShield client software and install the required 12.70.4 version. Users are advised to review nShield Solo/Connect configuration information to make any required changes as necessary for their Gateway setup. For example, additional configuration is required for the system.properties and ssg.security files for nShield HSMs connected to Gateway version 10.1.
nShield HSM users that require their nShield HSM to run in FIPS mode are advised
NOTto upgrade to Gateway version 10.1 per this Known Issue.
nShield Firmware Compatibility
nShield HSM users are advised to consult nShield documentation and/or support to update HSM firmware as appropriate:
- Connect XC and Solo XC users must upgrade their nShield firmware to version 12.50.11 or newer.
- Solo+ users running on Oracle X7 machines or older must upgrade their nShield firmware to version 12.50.8 or newer.
Layer7 API Gatewaydoes not currently support AES-GCM when using an nShield Hardware Security Module with a custom FIPS level 3 security world.
The instructions provided on this site rely on configuration from Entrust and may change without notice. For complete instructions on the nShield Solo and the nShield Connect, refer to the user documentation from nCipher: www.entrust.com/
The acquisition and compilation of the nShield driver provided by nShield is at Customer's sole discretion and entirely subject to the terms of that third-party provider.