Microsoft IIS: nShield® HSM Integration Guide
Version: 2.5
Date: Wednesday, June 30, 2021
Copyright © 2019-2021 nCipher Security Limited. All rights reserved.
Copyright in this document is the property of nCipher Security Limited. It is not to be reproduced modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of nCipher Security Limited neither shall it be used otherwise than for the purpose for which it is supplied.
Words and logos marked with ® or ™ are trademarks of nCipher Security Limited or its affiliates in the EU and other countries.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.
Information in this document is subject to change without notice.
nCipher Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material.
Where translations have been made in this document English is the canonical language.
nCipher Security Limited Registered Office: One Station Square Cambridge, UK CB1 2GA Registered in England No. 11673268
nCipher is an Entrust company.
Entrust, Datacard, and the Hexagon Logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. Because we are continuously improving our products and services, Entrust Corporation reserves the right to change specifications without prior notice. Entrust is an equal opportunity employer.
Contents
1. Introduction
1.1. Product configuration
1.2. Requirements
2. Procedures
2.1. Install the nShield HSM
2.2. Install the Security World Software and configure the Security World
2.3. Install IIS
2.4. Install and register the CNG provider
2.5. Create a certificate request
2.6. Get the signed certificate
2.7. Install the certificate
2.8. Integrate an nShield HSM with an existing IIS deployment
Contact Us
1. Introduction
Microsoft Internet Information Services (IIS) for Windows Server is a Web server application. nShield Hardware Security Modules (HSMs) integrate with IIS 10.0 to provide full key life-cycle management with FIPS-certified hardware and to reduce the cryptographic load on the host server CPU. Integration of the nShield HSM with IIS 10.0 provides the following benefits:
- Uses hardware validated to the FIPS 140-3 standards
- Improves server performance by offloading cryptographic processing
- Enables secure storage of the IIS keys
- Enables management of the full life cycle of the keys
1.1. Product configuration
We have successfully tested the nShield HSM integration with IIS in the following configuration:
| Product | Version |
|---|---|
| Operating System | Windows 2019 Server |
| IIS version | 10.0 |
1.1.1. Supported nShield features
We have successfully tested nShield HSM integration with the following features:
| Feature | Support |
|---|---|
| Softcards | No |
| Module-only key | Yes |
| OCS cards | Yes |
1.1.2. Supported nShield hardware and software versions
We have successfully tested with the following nShield hardware and software versions:
1.1.2.1. Connect XC
| Security World Software | Firmware | Image | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 12.60.11 | 12.50.11 | 12.60.10 | | | |
1.1.2.2. Connect +
| Security World Software | Firmware | Image | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 12.60.11 | 12.50.8 | 12.60.10 | | | |
1.2. Requirements
Before installing the software, we recommend that you familiarize yourself with the IIS documentation and setup process, and that you have the nShield documentation available. We also recommend that there is an agreed organizational Certificate Practices Statement and a Security Policy/Procedure in place covering administration of the HSM. In particular, these documents should specify the following aspects of HSM administration:
- The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and the policy for managing these cards
- Whether the application keys are protected by the HSM module key or an Operator Card Set (OCS) protection
- Whether the Security World should be compliant with FIPS 140-2 level 3
- Key attributes such as the key algorithm, key length and key usage.
For more information, see the User Guide for the HSM.
2. Procedures
Integration procedures include:
- Installing the nShield HSM.
- Installing the Security World Software, and configuring the Security World.
- Installing IIS.
- Install and register the CNG provider
- Creating a certificate request
- Getting the signed certificate
- Installing the certificate.
- Integrate an nShield HSM with an existing IIS deployment
2.1. Install the nShield HSM
Install the HSM and Security World software using the instructions in the Installation Guide for the HSM. We recommend that you do this before installing and configuring IIS.
2.2. Install the Security World Software and configure the Security World
1. Install the latest version of the Security World Software as described in the User Guide for the HSM.
2. Initialize a Security World as described in the User Guide for the HSM. You can also use the CNG Configuration Wizard to create a Security World. If you are using an OCS, to adhere to IIS requirements it must be a 1-of-N with no passphrase, where N is the number of cards in the set.
2.3. Install IIS
To install Microsoft Internet Information Services:
1. Open Server Manager by selecting Start > Server Manager.
2. Select Manage and then select Add Roles and Features.
3. On the Before you begin screen, select Next.
4. On the Select installation type screen, ensure the default selection of Role or Feature Based Installation is selected and select Next.
5. On the Server Selection screen, select a server from the server pool and select Next.
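The wizard steps above can also be scripted so the installation is repeatable and checked against the configuration tested in section 1.1. The following PowerShell is an added example, not part of the original guide; it assumes that only the default Web Server (IIS) role with its management tools is required and that it runs in an elevated session on the target server.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Add Roles and Features wizard.
# Assumption: only the default Web-Server role and management tools are needed.
$ErrorActionPreference = 'Stop'

# Compare the host OS with the tested configuration (Windows 2019 Server).
$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
if ($os -notmatch 'Server 2019') {
    Write-Warning "Operating system not covered by the tested configuration: $os"
}

# Install the Web Server (IIS) role only if it is not already present.
$role = Get-WindowsFeature -Name Web-Server
if (-not $role.Installed) {
    $result = Install-WindowsFeature -Name Web-Server -IncludeManagementTools
    if (-not $result.Success) {
        throw 'Installation of the Web-Server role failed.'
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'A restart is required before IIS can be used.'
    }
}

# Confirm the installed IIS version matches the tested version (10.0).
$iis = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\InetStp'
if ($iis.MajorVersion -ne 10 -or $iis.MinorVersion -ne 0) {
    Write-Warning "IIS $($iis.MajorVersion).$($iis.MinorVersion) is not the tested version 10.0."
}

# Confirm the World Wide Web Publishing Service is present and report its state.
$w3svc = Get-Service -Name W3SVC
[pscustomobject]@{
    OperatingSystem = $os
    IISVersion      = $iis.VersionString
    W3SVCStatus     = $w3svc.Status
}
```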