Other ADC configuration
Generate a key on the HSM.
Use third party tools to create keys on the HSM.
Add an HSM key on the ADC.
Important!The # character is not supported in a key name. If the key name includes this character, the load key operation fails.
To add a Thales Luna HSM key by using the CLI:
At the command prompt, type:
add ssl hsmkey
-hsmType SAFENET -serialNum -password where:
-keyName is the key created on the HSM by using third party tools.
-serialNum is the serial number of the partition on the HSM on which the keys are generated.
Note:For HSM in a high availability setup, use the serial number of the high availability group.
-password is the password of the partition on which the keys are present.
To add a Thales Luna HSM key by using the GUI:
Navigate toTraffic Management>SSL>HSMand add an HSM key. You must specify the HSM Type asSAFENET.
Add a certificate-key pair on the ADC. First use a third party tool to generate a certificate associated with the key. Then, copy the certificate to the /nsconfig/ssl/ directory on the ADC.
Note:The key must be an HSM key.
To add a certkey pair on the ADC by using the CLI:
At the command prompt, type:
add ssl certkey
-cert -hsmkey To add a certkey pair on the ADC by using the GUI:
- Navigate toTraffic Management>SSL.
- In开始, selectInstall Certificate (HSM)and create a certificate-key pair using an HSM key.
Create a virtual server and bind the certificate-key pair to this virtual server.
For information about creating a virtual server, clickSSL virtual server configuration.
For information about adding a certificate-key pair, click添加或更新一个证书密钥ir.
For information about binding a certificate-key pair to an SSL virtual server, clickBind the certificate-key pair to the SSL virtual server.