Before you start

5min

before you start, ensure your environment conforms to the following specifications supported hardware {{vectera}} , 7 2 x x and later guardian series 3, 6 1 6 x and later if you have not already set up the {{guard}} (such as configuring the network, loading major keys, and so on), refer to the relevant administrator guide for instructions on setting up a new guardian device preconditions for configuring futurex device group with the guardian series 3 to connect client {{futurex}} hsms for management by the {{guard}} , make sure to meet the following preconditions for all involved hsms the following sections use {{futurex}} certificates, preloaded on every unit, to connect the {{guard}} to hsms there is a private key and associated signed certificate, which is signed under a {{futurex}} tls ca tree in conjunction with a client certificate signed under the same ca, you can use these certificates for secure communications with one of our units without needing to generate and manage certificates on a customer managed ca preconditions for client futurex hsms keep the following considerations in mind ensure your hsm is network attached with a configured ip address and an ethernet cable plugged into a local area network you must load a major key onto the hsm when using user certificates this precondition does not apply when using {{futurex}} certificates if using transport layer security (tls) between the hsm and the {{guard}} , you must enable the proper tls settings on the hsm when establishing a mutually authenticated connection, ensure these settings match on the guardian if they do not match, selecting this connection type fails to add the device to the group the hsm must be signed using the same root certificate as the {{guard}} this happens automatically when using {{futurex}} certificates the hsm must have the same date and time settings as the {{guard}} and other units in the device group the date and time settings automatically sync when you sign in to the device group on the guardian, so you don't need extra user configuration all hsms in the device group must be the same model, firmware version, and feature set preconditions for guardian series 3 to add a client {{futurex}} hsm to a device group, meet the following preconditions the {{guard}} must be network attached, configured with a configured ip address, and plugged into a local area network with an ethernet cable you must load a major key onto the {{guard}} when using user certificates this precondition does not apply when using {{futurex}} certificates if using transport layer security (tls) between the {{guard}} and hsm, you must enable the proper tls settings on the guardian when establishing a mutually authenticated connection, ensure these settings match on all the client hsms if they do not match, selecting this connection type fails to add the device to the group the {{guard}} must be signed using the same root certificate as the client hsm devices this happens automatically when using {{futurex}} certificates the {{guard}} must have the same date and time settings as all hsms in the device group the date and time settings automatically sync when you sign in to the device group on the guardian, so you don't need extra user configuration you must enable the guardian required host api commands

Guardian Series 3: Configure HSMs for PKCS #11 Integrations

Use the Guardian Series 3 to configure HSMs for PKCS #11 integrations