Set up a SafeNet KeySecure keystore

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • If you are using a SafeNet keystore, copy a set of libraries into the proxy distribution directory.

    Before you begin

    Role required: admin

    You must install and set up the SafeNet keystore before performing this step. Secure a license with Thales in order to download the libraries.

    Note:
    For IngrianNAE version 8.12, you must also download the commons-collections.jar file

    About this task

    Note:
    On Linux, file paths use a forward slash (/).

    Procedure

    1. Change to the <installation directory>/conf/ directory, and open the edgeencryption.properties file.
    2. Enter the properties for the SafeNet keystore.
      Note:
      You may configure SafeNet keystore using with username/password authentication or client certificate authentication, but not a combination of both.
      An example for a SafeNet keystore using username and password authentication.
      edgeencryption.nae.retries = 3
edgeencryption.nae.enabled = true
edgeencryption.nae.server = url
edgeencryption.nae.port = 9000
edgeencryption.nae.protocol = ssl
edgeencryption.nae.keystore.path = keystore/safenet_truststore
edgeencryption.nae.keystore.password = password
edgeencryption.nae.user = safenet_user
edgeencryption.nae.password = safenet_password
      An example for a SafeNet keystore using client certificate authentication. This authentication method eliminates the need to store the SafeNet server username and password in the properties file.
      edgeencryption.nae.retries = 3
edgeencryption.nae.enabled = true
edgeencryption.nae.server = url
edgeencryption.nae.port = 9000
edgeencryption.nae.protocol = ssl
edgeencryption.nae.keystore.path = keystore/safenet_clientcert
edgeencryption.nae.keystore.password = password
edgeencryption.nae.client.certificate = cert_name
    3. Add or create a key in the SafeNet keystore.
      You add the key name (alias) on the instance when you assign default keys.
    4. Save and close the edgeencryption.properties file.

    Upgrade from Kingston or lower to London or higher

    If you use a SafeNet NAE server for key storage with Edge, before upgrading the proxy from Kingston or lower to London or higher, you must copy Gemalto SafeNet client ProtectApp JAR files and add new properties.

    Before you begin

    Role required: admin

    About this task

    Note:
    On Linux, file paths use a forward slash (/).

    Procedure

    1. Copy the following files from <installation directory>/lib to the <installation directory>/nae directory:
      • commons-collections<version>.jar
      • ingrianlog4j-api-<version>.jar
      • ingrianlog4j-core-<version>.jar
      • ingrianNAE-<version>.jar
    2. On the current version (not upgraded) of the proxy, update the <installation directory>/conf/edgeencryption.properties file by adding the following two properties:
      • edgeencryption.ekm.provider.classname = com.snc.edgeencryption.encryption.CloudEdgeNaeKeyProvider
      • edgeencryption.thirdparty.vendor.library.path = <directory path to the directory where you copied the jar files in step 1>
        Note:
        edgeencryption.thirdparty.vendor.library.path for Java 11.
    3. Save the changes.
    4. Proceed with the upgrade to London or higher.