Connecting to a payment cloud HSM with the BYOK app
This section establishes a connection to a cloud payment HSM with the BYOK application by using the TLS certificates that you imported into a PKI tree on the Excrypt Touch in the previous section.

Log in to the internal HSM of the Excrypt Touch

The configurations in this section require you to be logged in to the internal HSM on the Excrypt Touch. To log in, perform the following steps:

1. From the Excrypt Touch dashboard, open the Excrypt Touch menu by touching the vertical black bar on the right side of the screen and swiping left.
2. In the Excrypt Touch menu, select or touch the User Management icon in the upper right corner, then select \[ Login ] in the User Management drop-down menu.
3. Log in with your administrator identities (such as admin1 and admin2). A message appears at the top of the screen indicating whether the authentication was successful.

Configure HTTP proxy (optional)

The Excrypt Touch supports configuring an HTTP proxy for outbound connections from the Excrypt Touch. To configure a proxy, perform the following steps:

1. Open the Excrypt Touch menu and select the Network icon (which looks like a Wi-Fi symbol), and select Proxy Settings.
2. In the Proxy Settings menu, enter the proxy IP address, proxy port, and any proxy exceptions, and select \[ Save ].

Create a new connection profile

Perform the following steps to create a new connection profile:

1. From the Excrypt Touch dashboard, select Add Device, represented by the plus sign located underneath your active servers on the left.
2. In the Add Device window, enter the required information:
   - Name: An appropriate device name, such as VirtuCrypt BYOK (UAT).
   - Host: The host URL, such as austin byok uat virtucrypt com.
   - Description: Optional field to describe your device.
   - Port: 1050
   - Enabled: Select Require Login from the drop-down menu.
   - Device type: Select either Excrypt SSP Enterprise v.2 or Excrypt Plus from the drop-down menu, depending on which applies to your situation.
   - Connection type: Select Futurex Web from the drop-down menu.
   - Connection mode: Select either BYOK (Server Authenticate), BYOK (Sans Authenticate), or BYOK (Anonymous). If you are unsure which to choose, ask the VirtuCrypt support engineer assigned to your case. If you configured a proxy, you must use the BYOK (Server Authenticate) connection type.
   - PKI tree: Select the user connection method in the drop-down menu to use user-provided PKI certificates.
   - TLS tree: Select the name of the PKI tree where you imported the TLS certificates in the previous section.
3. Check the desired TLS ciphers and minimum TLS version.
4. After entering all the required information, select \[ Submit ].

You are returned to the Excrypt Touch dashboard, where your newly added device profile displays in the list of devices and services, highlighted in dark grey. Additionally, the device details for the currently selected device are displayed in the Overview column on the right side of the dashboard.

Start the BYOK profile and connect

Perform the following steps to start the VirtuCrypt BYOK profile and connect:

1. To start the VirtuCrypt BYOK (UAT) connection profile, select the arrow next to the device profile. The Excrypt Touch brings the device online and moves it to the Online column.
2. Now that the device is online, you can access the application manager for that device and communicate with the device as needed for BYOK. Select \[ Go ] in the right column to access the connected device.
3. When the device landing page opens, notice that all encryption device groups you may manage are shown in the left menu. Select one of the encryption device groups in the left menu, which pulls up a login prompt.
4. Log in to the device group with your administrator identities (for example, admin1 and admin2).

A device screen opens with various options, such as User Management and Smart Cards:

- The Major Keys box is grayed out if you selected a vHSM device group. For host HSM device groups, users can manage major keys.
- Selecting Working Keys presents a menu, where you can perform various key-related tasks and manage the key table.
- Selecting Certificates & Requests presents a menu, where you can generate new key pairs, trusted public keys, and certificate signing requests (CSRs), as well as import certificates.
- Selecting Generate Components presents a menu, where you can generate key components and key fragments.
- Selecting Smart Cards presents a menu, where you can change smart card PINs and PUKs or reset the smart card.
- Selecting User Management presents a menu, where you can add new HSM identities, change identity passwords, delete identities, and register U2F credentials.