Log in to the internal HSM of the Excrypt Touch
The configurations in this section require you to be logged in to the internal HSM on the Excrypt Touch. To log in, perform the following steps:
From the Excrypt Touch Dashboard, open the Excrypt Touch menu by touching the vertical black bar on the right side of the screen and swiping left.
In the Excrypt Touch menu, select or touch the User Management icon in the upper-right corner, then select [ Login ] in the User Management drop-down menu.
Configure HTTP Proxy (Optional)
The Excrypt Touch supports configuring an HTTP Proxy for outbound connections from the Excrypt Touch. To configure a proxy, perform the following steps:
Open the Excrypt Touch menu and select the Network icon (which looks like a WiFi symbol), and select Proxy Settings.
Create a new connection profile
Perform the following steps to create a new connection profile:
From the Excrypt Touch Dashboard, select Add Device represented by the plus sign located underneath your active servers on the left.
In the Add Device window, enter the required information:
- Name: An appropriate device name, such as VirtuCrypt BYOK (UAT).
- Host: The host URL, such as austin.byok-uat.virtucrypt.com.
- Description: Optional field to describe your device.
- Port: 1050
- Enabled: Select Require Login from the drop-down menu.
- Device Type: Select either Excrypt SSP Enterprise v.2 or Excrypt Plus from the drop-down menu, depending on which applies to your situation.
- Connection Type: Select Futurex Web from the drop-down menu.
- Connection Mode: Select either BYOK (Server Authenticate), BYOK (SANs Authenticate), or BYOK (Anonymous). If you are unsure which to choose, ask the VirtuCrypt support engineer assigned to your case.
- PKI Tree: Select the User connection method in the drop-down menu to use user-provided PKI certificates.
- TLS Tree:
  - Select the name of the PKI Tree where you imported the TLS certificates in the previous section.
  - Check the desired TLS Ciphers and Minimum TLS Version.
After entering all the required information, select [ SUBMIT ].
You are returned to the Excrypt Touch Dashboard where your newly added device profile displays in the list of devices and services, highlighted in dark grey. Additionally, the device details for the currently selected device are displayed in the Overview column on the right side of the Dashboard.
Start the BYOK profile and connect
Perform the following steps to start the VirtuCrypt BYOK profile and connect:
To start the VirtuCrypt BYOK (UAT) Connection Profile, select the arrow next to the device profile.
The Excrypt Touch brings the device online and moves it to the ONLINE column.
Now that the device is online, you can access the application manager for that device and communicate with the device as needed for BYOK. Select [ GO ] in the right column to access the connected device.
When the device landing page opens, notice that all Encryption Device Groups you may manage are shown in the left menu.
Select one of the Encryption Device Groups in the left menu, which pulls up a log-in prompt. Log in to the device group with your administrator identities (for example, Admin1 and Admin2).
A device screen opens with various options, such as User Management and Smart Cards.
The Major Keys box is grayed out if you selected a vHSM device group. For host HSM device groups, users can manage major keys.
Selecting Working Keys presents a menu, where you can perform various key-related tasks and manage the key table.
Selecting Certificates & Requests presents a menu, where you can generate new key pairs, trusted public keys, and certificate signing requests (CSRs), as well as import certificates.
Selecting Generate Components presents a menu, where you can generate key components and key fragments.
Selecting Smart Cards presents a menu, where you can change smart card PINs and PUKs or reset the smart card.

