- Configure your hardware security module. For more information, see the Amazon documentation.
- Download the AWS CloudHSM software library for Java version 3.1.2, install it, and move the Cloudhsm-3.1.2.jar file from the /opt/cloudhsm/java/ directory to the deploy directory on the PingAccess system. For more information, see the Install and Use the AWS CloudHSM Software Library for Java procedure. If 3.1.2 is not the latest version of CloudHSM, you can download it from the Client and Software Version History.
- Verify that you are using Oracle Java SE Runtime Environment (Server JRE) 8.
- Verify that your PingAccess deployment is running in the same AWS EC2 instance as the CloudHSM client.
- Click Security and then go to .
- Click + Add HSM Provider.
- In the Name field, enter a name for the HSM provider.
- From the Type list, select AWS CloudHSM Provider.
- In the User field, enter a user name for connecting to the HSM provider.
- In the Password field, enter a password for connecting to the HSM provider.
- Optional: In the Partition field, enter the partition to use on the HSM provider.
- Click Save.
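
A preflight check for the file and Java prerequisites in this procedure, added here as an example and not part of the PingAccess or AWS documentation. It also flags the Java 8u261 threshold and the run.properties property named in the known issues on this page. The function names, messages, and the paths passed as arguments are assumptions, and only the Java major and update numbers are checked, not the vendor or edition.

```shell
# Added example: preflight for the prerequisites listed on this page.
# Assumptions (not from the page): the deploy directory and run.properties
# paths are passed in by the caller; function names and messages are ours.
JAR_NAME="Cloudhsm-3.1.2.jar"   # as written on the page; match your file's case
PROP="additional.security.jdk.tls.disabledAlgorithms"

# Print "<major> <update>" for a `java -version` line, for example
#   java version "1.8.0_261"  -> 8 261      openjdk version "11.0.2" -> 11 0
parse_java_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$v" ] || return 1
    case "$v" in
        1.*) major=$(printf '%s\n' "$v" | cut -d. -f2) ;;
        *)   major=$(printf '%s\n' "$v" | cut -d. -f1) ;;
    esac
    case "$v" in
        *_*) update=$(printf '%s\n' "$v" | sed 's/.*_\([0-9]*\).*/\1/') ;;
        *)   update=0 ;;
    esac
    printf '%s %s\n' "$major" "$update"
}

# True when the version line reports Java 8 (any update).
is_java8() {
    mu=$(parse_java_version "$1") || return 2
    [ "${mu% *}" = 8 ]
}

# True for Java 8 at update 261 or later, the range the known issue names.
pss_issue_applies() {
    mu=$(parse_java_version "$1") || return 2
    [ "${mu% *}" = 8 ] && [ "${mu#* }" -ge 261 ]
}

# True when run.properties has an uncommented assignment of PROP.
prop_is_set() {
    grep -Eq "^[[:space:]]*${PROP}[[:space:]]*=" "$1" 2>/dev/null
}

# preflight <deploy_dir> <run.properties> [java -version line, for testing]
preflight() {
    jv=${3:-$(java -version 2>&1 | head -n 1)}
    rc=0
    [ -f "$1/$JAR_NAME" ] || { echo "MISSING: $1/$JAR_NAME"; rc=1; }
    is_java8 "$jv" || { echo "NOT JAVA 8: $jv"; rc=1; }
    if pss_issue_applies "$jv" && ! prop_is_set "$2"; then
        echo "NOTE: Java 8u261+ and $PROP is not set in $2"
    fi
    return $rc
}
```

Call `preflight` with the deploy directory and the run.properties path of your installation; a non-zero return means a prerequisite is missing, while the NOTE line is informational only.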
The following are known issues:
- RSASSA-PSS signing algorithms fail with Java 8u261 or later. HSM vendors and core Java use different naming conventions for the
- Cloud HSM functionality works in FIPS mode but not in regular mode.
To bypass the known issues, a user can edit the additional.security.jdk.tls.disabledAlgorithms property in the run.properties file. For more information, see the following example: