Integrating the Fortanix HSM with the AppViewX

To integrate the Fortanix HSM with the AppViewX:
  1. Login to the AppViewX server on which the AppViewX Cloud Connector is installed.
  2. From the command line interface, navigate to the properties folder. Path: {CC_INSTALLATION_PATH}/deps/properties
  3. Open the hsm file using the following command: 
    vi hsm
  4. Uncomment the following lines: 
    export FORTANIX_PKCS11_CONFIG_PATH= /appviewx/dependencies/hsm/fortanix/pkcs11.conf 
echo "FORTANIX Config Path : $FORTANIX_PKCS11_CONFIG_PATH"
  5. Login to the AppViewX UI using valid credentials.
  6. From the top left corner of the screen, click
  7. From the menu displayed, select Inventory > Device.
    The Device :: ADC page is displayed.
  8. Under the HSM tab, from the navigation pane on the left, select Fortanix.
  9. Click Configure now.
    The Device :: HSM page is updated to display the fields required to integrate Thales-DPoD with the AppViewX SaaS.
  10. In the General Information section, enter/select the following details:
    Field Description
    *Name Enter a name for this integration.
    Description Enter a description for this integration.
    Implementation type Select an implementation type from the options available in the dropdown menu.
    Default Turn on the toggle to make this the default setting.
    *Data center Select the required data center from the list of applicable values in the dropdown menu.
    All * marked fields are mandatory.
  11. In the Vendor specific details section, enter/select the following details:
    Field Description
    *API Key Enter the API key.
    *Key handler name A reference name to create a Master Encryption key in HSM. This enables us to pick the right MEK for crypto operations over KEK.
    *So file The SO file is used to facilitate the communication between the HSM and AppViewX. To upload the .so file:
    1. Click Browse.
    2. Navigate to the location of the .so file.
    3. Select the .so file and click Open.
    *Config file The Config file is used to facilitate the communication between the HSM and AppViewX. To upload the .conf file:
    1. Click Browse.
    2. Navigate to the location of the .conf file.
    3. Select the .conf file and click Open.
    All * marked fields are mandatory.
  12. Click Save.
  13. Scroll to the end of this page to view the table that will be populated with all the details of this HSM. If the HSM has been configured correctly, the Status for the HSM will be set to Available (after checking the encryption and decryption logic). If the Status is Not Available:
    • Check the installation path for the HSM.
    • Ensure that all required permissions have been enabled.
  14. If the implementation type is CSR Generation, refer to the Cert+ User Guide for steps on how to generate a CSR.