Configuring HSM - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Product name
BlueCat Integrity

This section describes the step-by-step process of setting up HSM in Address Manager: from creating an HSM configuration, configuring the Security World, and enabling HSM on DNS Servers, to deploying DNS with a DNSSEC-HSM signing policy.

For details on managing HSM in Address Manager, including editing and deleting HSM servers, managing the Security World, disabling HSM on DNS Servers, and editing and deleting DNSSEC-HSM signing policies, refer to Working with HSM.

Ensure you have completed the necessary requirements before attempting to create or edit any HSM configurations. For details, refer to HSM requirements.

Configuring DNSSEC-HSM in Address Manager requires you to complete these steps in the following order:

  1. Create an HSM configuration.
  2. Add HSM servers to an HSM configuration.
  3. Configure the HSM Security World.
  4. Join Address Manager to the Security World.
  5. Enable HSM on DNS Servers.
    1. OPTIONAL: HSM with xHA.
  6. Create a DNSSEC-HSM signing policy.
  7. Assign the DNSSEC-HSM signing policy.
  8. Deploy DNS with a DNSSEC-HSM signing policy.