Other ADC configuration

1. Generate a key on the HSM.

   Use third party tools to create keys on the HSM.

2. Add an HSM key on the ADC.

   Important!The # character is not supported in a key name. If the key name includes this character, the load key operation fails.

   To add a Thales Luna HSM key by using the CLI:

   At the command prompt, type:

   add ssl hsmkey  -hsmType SAFENET -serialNum  -password 

   where:

   -keyName is the key created on the HSM by using third party tools.

   -serialNum is the serial number of the partition on the HSM on which the keys are generated.

   Note:For HSM in a high availability setup, use the serial number of the high availability group.

   -password is the password of the partition on which the keys are present.

   To add a Thales Luna HSM key by using the GUI:

   Navigate toTraffic Management>SSL>HSMand add an HSM key. You must specify the HSM Type asSAFENET.

3. 添加一个证书密钥对ADC。首先使用一个third party tool to generate a certificate associated with the key. Then, copy the certificate to the /nsconfig/ssl/ directory on the ADC.

   Note:The key must be an HSM key.

   To add a certkey pair on the ADC by using the CLI:

   At the command prompt, type:

   add ssl certkey  -cert  -hsmkey  

   To add a certkey pair on the ADC by using the GUI:

   1. Navigate toTraffic Management>SSL.
   2. In开始, selectInstall Certificate (HSM)and create a certificate-key pair using an HSM key.

4. Create a virtual server and bind the certificate-key pair to this virtual server.

For information about creating a virtual server, clickSSL virtual server configuration.

For information about adding a certificate-key pair, clickAdd or update a certificate-key pair.

For information about binding a certificate-key pair to an SSL virtual server, clickBind the certificate-key pair to the SSL virtual server.