Still Need Help?
Contact support using the form below, or call (708) 445-9415.
Hardware Security Modules
For CSfC registration, a CertAgent-based solution must be paired with an approved hardware security module (HSM). While CertAgent should work with any PKCS#11-compatible device, ISC has tested and validated the following HSMs for use with CertAgent:
- Engage Black BlackVault HSM
- Gemalto SafeNet Luna Network, PCIe, and USB HSMs
- Thales nShield Connect HSMs
- Envieta QFlex HSM
*Acala is a software-based HSM that may be used with an "offline" CA.
NOTE: HSM performance can have a direct impact on the responsiveness of CertAgent; slower HSMs may cause long delays and timeouts. This concern may be of critical importance when CertAgent is acting as an OCSP responder as that service requires the HSM to perform at least one additional signature operation for each response.
ISC recommends speaking directly with the CSfC program office about your proposed solution before committing to the purchase of any particular HSM model.
Information on ADA Section 508 Accessibility and Compatibility Features: To better assist users with accessibility needs, CertAgent should be accessed using a Section 508 compatible browser and have any necessary compatible assistive technologies installed and configured per those products' guidance.