Linux support Windows support HSM compatibility for Client SDK 3 Components support

Client SDK 3 supported platforms

Client SDK 3 requires a client daemon and offers command-line tools including, CloudHSM Management Utility (CMU), key management utility (KMU), and the configure tool.

Base support is different for each version of the AWS CloudHSM Client SDK. Typically platform support for components in an SDK matches base support, but not always. To determine platform support for a given component, first make sure the platform you want appears in the base section for the SDK, then check for any exclusions or any other pertinent information in the component section.

Platform support changes over time. Earlier versions of the CloudHSM Client SDK may not support all the operating systems listed here. Use release notes to determine the operating system support for previous versions of the CloudHSM Client SDK. For more information, see Downloads for AWS CloudHSM Client SDK.

AWS CloudHSM supports only 64-bit operating systems.

Linux support

Amazon Linux
Amazon Linux 2
CentOS 6.10+ ²
CentOS 7.3+
CentOS 8 ^1,4
Red Hat Enterprise Linux (RHEL) 6.10+ ²
Red Hat Enterprise Linux (RHEL) 7.3+
Red Hat Enterprise Linux (RHEL) 8 ¹
Ubuntu 16.04 LTS ³
Ubuntu 18.04 LTS ¹

[1] No support for OpenSSL Dynamic Engine. For more information, see OpenSSL Dynamic Engine.

[2] No support for Client SDK 3.3.0 and later.

[3] SDK 3.4 is the last supported release on Ubuntu 16.04.

[4] SDK 3.4 is the last supported release on CentOS 8.3+.

Windows support

Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019

HSM compatibility for Client SDK 3

hsm1.medium	hsm2m.medium
Compatible with Client version SDK 3.1.0 and later.	Not supported.

Components support

PKCS #11 library

The PKCS #11 library is a Linux only component that matches Linux base support. For more information, see Linux support.

CloudHSM Management Utility (CMU)

The CloudHSM Management Utility (CMU) command line tool helps crypto officers manage users in the HSMs. It includes tools that create, delete, and list users, and change user passwords. For more information, see CloudHSM Management Utility (CMU).

Key Management Utility (KMU)

The Key Management Utility (KMU) is a command line tool that helps crypto users (CU) manage keys on the hardware security modules (HSM). For more information, see Key Management Utility (KMU).

JCE provider

The JCE provider is a Linux only component that matches Linux base support. For more information, see Linux support.

Requires OpenJDK 1.8

OpenSSL Dynamic Engine

The OpenSSL Dynamic Engine is Linux only component that does not match Linux base support. See the exclusions below.

Requires OpenSSL 1.0.2[f+]

Unsupported platforms:

CentOS 8
Red Hat Enterprise Linux (RHEL) 8
Ubuntu 18.04 LTS

These platforms ship with a version of OpenSSL incompatible with OpenSSL Dynamic Engine for Client SDK 3. AWS CloudHSM supports these platforms with OpenSSL Dynamic Engine for Client SDK 5.

CNG and KSP providers

The CNG and KSP providers is a Windows only component that matches Windows base support. For more information, see Windows support.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Previous Client SDK

Upgrading Client SDK 3