[Pki-users] connect dogtag to an existing Key in a luna HSM ?
Christina Fu
cfu at redhat.com
Wed Nov 10 17:14:55 UTC 2010
I use modutil to add crypto modules to the nss dbs like this:
shut down server
# cd <dogtag instance dir>/alias
# modutil -dbdir . -nocertdb -add lunasa -libfile /usr/lunasa/lib/libCryptoki2.so
then you can list it:
# modutil -dbdir . -list
To test that you can see the cert before you configure more on the
server, use certutil like this:
# certutil -d . -L -n "<nickname of your cert>"
Once you are sure it's hooked up correctly, modify your config with
the right token name, nickname, etc.
I think the rest should be in the migration or admin guide, which you can search.
Then you need to reissue your other system certs by using this CA's
signing cert.
Hope this helps.
Christina
On 11/10/2010 02:02 AM, Alexander Jung wrote:
> Hello,
>
> we have a Microsoft CA that we'd like to migrate to a dogtag instance.
>
> We built a few tools to import all the requests and certificates from
> the Microsoft CA into a LDAP-Server used by the dogtag - this works so
> far.
>
> The CA key for the Microsoft CA has been generated in a Safenet Luna
> K3 HSM and cannot be extracted from there, so we'll have to connect
> the dogtag to this key in our HSM.
>
> How can we do that ?
>
> Kind regards,
>
> Alexander Jung
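Added example (not part of the original mail and not Dogtag's own code): a shell check to run over the output of `modutil -dbdir . -list`, confirming that the lunasa module from the reply is registered with exactly the expected library file, is loaded, and exposes a token. The sample listing, its slot name and its token name are constructed, and the listing layout is an assumption about what modutil prints.

```shell
#!/bin/sh
# Constructed sample of `modutil -dbdir . -list` output; slot/token names are made up.
sample_modutil_list() {
cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services

  2. lunasa
        library name: /usr/lunasa/lib/libCryptoki2.so
         slots: 1 slot attached
        status: loaded

         slot: example-slot
        token: ca-partition
-----------------------------------------------------------
EOF
}

# check_module NAME LIBFILE   (reads the listing on stdin)
# Prints the token names under module NAME. Succeeds only if NAME is listed,
# its library path is exactly LIBFILE, its status is "loaded" and it has a token.
check_module() {
  awk -v name="$1" -v lib="$2" '
    { sub(/[ \t\r]+$/, "") }                      # drop trailing blanks
    /^[ \t]*[0-9]+\.[ \t]/ {                      # "  2. lunasa" opens an entry
      sub(/^[ \t]*[0-9]+\.[ \t]*/, "")
      in_mod = ($0 == name); if (in_mod) found = 1
      next
    }
    !in_mod { next }
    /library name:/ { sub(/^.*library name:[ \t]*/, ""); libok = ($0 == lib) }
    /status:/       { loaded = ($0 ~ /status:[ \t]*loaded$/) }
    /token:/        { sub(/^.*token:[ \t]*/, ""); print; tokens++ }
    END { exit !(found && libok && loaded && tokens > 0) }
  '
}

# Demo on the constructed sample; on a real instance pipe `modutil -dbdir . -list` in.
sample_modutil_list | check_module lunasa /usr/lunasa/lib/libCryptoki2.so && echo "module OK"
```

The token name it prints is the one to use when you set the token name and nickname in the server config.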