Hardware Security Modules

The CILogon CA uses SafeNet Luna SA hardware security modules (HSMs) certified at FIPS 140 level 3 and operated in FIPS 140 level 3 mode to protect CA private keys. CILogon uses the MyProxy CA software, which connects to the HSMs via the OpenSSL Engine interface, on Linux servers.

We make the following documentation regarding our HSM configuration and operations publicly available in case it will be helpful to other CA operators:

TAGPMA also maintains an HSM Info page for CA operators.