This guide is intended to help systems administrators deploy YubiHSM 2 with YubiHSM PKCS11 Library for use with PrimeKey EJBCA in a Linux server environment. The expected outcome is that the EJBCA Certification Authority (CA) root key is created securely on a YubiHSM 2 and that a hardware‐based backup copy of key materials has been produced.