Before you can create and use keys in your new cluster, create a hardware security module (HSM) user with the AWS CloudHSM CLI For more information, see Understanding HSM User Management Tasks, Getting started with AWS CloudHSM Command Line Interface (CLI), and How to Manage HSM Users.
Note
If using Client SDK 3, use CloudHSM Management Utility (CMU) instead of CloudHSM CLI.
After you create HSM users, you can sign in to the HSM and manage keys using any of these options:
-
Build a C application using the PKCS #11 library
-
Build a Java application using the JCE provider
-
Use the OpenSSL Dynamic Engine directly from the command line
-
Use the OpenSSL Dynamic Engine for TLS offload with NGINX and Apache web servers
-
Use the Key Storage Provider (KSP) for AWS CloudHSM with Microsoft Windows Server Certificate Authority (CA)
-
Use the Key Storage Provider (KSP) for AWS CloudHSM with Microsoft Sign Tool
-
Use the Key Storage Provider (KSP) for TLS offload with Internet Information Server (IIS) web server
