Supported Platforms - AWS CloudHSM

Supported Platforms

This topic lists platform support for the AWS CloudHSM Client SDK. The Client SDK includes the following components:

  • The client daemon and command-line tools, cloudhsm_mgmt_util (CMU) and key_mgmt_util (KMU)

  • PKCS #11 library

  • Java Cryptographic Extension (JCE) provider

  • OpenSSL Dynamic Engine

  • Cryptography API: Next Generation (CNG) and key storage providers (KSP) for Windows

The Client SDK provides support for both Linux and Windows, but the PKCS #11 library and most of the providers included in the SDK are for Linux. Typically platform support for items in the SDK match base support, but not always. To determine platform support for a given component, first make sure the platform you want appears in the base section, then check for an exclusion or any other pertinent information in the section for the item.

Here are some things to keep in mind about platform support:

  • Base support is the same as support for the client daemon and command-line tools

  • Any differences from the base support appear in the sections for the PKCS #11 library and providers

  • Support only provided for 64-bit operating systems

Base Platform Support

Support for the client daemon and command-line tools is the same as base platform support.

Linux Support

  • Amazon Linux

  • Amazon Linux 2

    Note

    If you are running AWS CloudHSM client 1.1.1 or earlier on an Amazon Linux 2 EC2 instance, see Known Issues for Amazon EC2 Instances Running Amazon Linux 2.

  • Red Hat Enterprise Linux (RHEL) 6.10+

  • Red Hat Enterprise Linux (RHEL) 7.3+

  • CentOS 6.10+

  • CentOS 7.3+

  • Ubuntu 16.04 LTS

Windows Support

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Server 2016

PKCS #11 Library

The PKCS #11 library matches Linux support for the client daemon and command-line tools. For more information, see Linux Support.

JCE Provider

The JCE provider requires OpenJDK 1.8 and matches Linux support for the client daemon and command-line tools. For more information, see Linux Support.

  • Requires OpenJDK 1.8

OpenSSL Dynamic Engine

The OpenSSL Dynamic Engine requires OpenSSL 1.0.2[f+] and matches Linux support for the client daemon and command-line tools. For more information, see Linux Support.

  • Requires OpenSSL 1.0.2[f+]

CNG and KSP Providers

The CNG and KSP providers match Windows support for the client daemon and command-line tools. For more information, see Windows Support.

Note

Platform support changes over time. Earlier versions of the CloudHSM Client SDK may not support all the operating systems listed here. Use release notes to determine the operating system support for previous versions of the CloudHSM Client SDK. For more information, see AWS CloudHSM Client and Software Version History.