Use of a Hardware Security Module (HSM) enhances security when dealing with private keys for the certificates that are exchanged between clients and servers in SSL-secured communication.
Keys for SSL-certificates can be public or private. If you are using private keys and do not want to expose them, you can store them on a Hardware Security Module.
When a key is required for enabling the use of a certificate, the key is referenced by its ID (also known as key name) while remaining protected on the module.
This method of key handling provides greater security than storing private keys in a file within your file system. This file might be read or copied after unauthorized access to a Secure Web Gateway appliance. The private keys on the Hardware Security Module, however, would still remain protected.
Different solutions can be implemented to provide the functions of a Hardware Security Module on Secure Web Gateway.
For information about changes in configuring a Hardware Security Module that apply when you run it with Secure Web Gateway 10.1, see the Hardware Security Module section of the Support Reference Information main section (category).