[Pki-users] connect dogtag to an existing Key in a luna HSM ?

Christina Fu cfu at redhat.com
Wed Nov 10 17:18:48 UTC 2010


On 11/10/2010 09:14 AM, Christina Fu wrote:
> I use modutil to add crypto modules to the nss dbs like this:
>
> shut down server
> # cd <dogtag instance dir>/alias
> # modutil -dbdir . -nocertdb -add lunasa -libfile /usr/lunasa/lib/libCryptoki2.so
> then you can list it:
> # modutil -dbdir . -list
>
> to test see the cert before you config more on the server, use 
> certutil like this:
> # certutil -d . -L -n "<nickname of your cert>"

correction, you need -h for certutil to access the token:
# certutil -d . -h <token name> -L -n "<nickname of your cert>"

>
> Once you are sure it's hooked up correctly, modify your config with 
> the right token name, nickname etc.
> I think the rest should be in the migration or admin guide, which you can search.
> Then you need to reissue your other system certs by using this CA's 
> signing cert.
>
> Hope this helps.
> Christina
>
> On 11/10/2010 02:02 AM, Alexander Jung wrote:
>> Hello,
>>
>> we have a Microsoft CA that we'd like to migrate to a dogtag instance.
>>
>> We built a few tools to import all the requests and certificates from
>> the Microsoft CA into a LDAP-Server used by the dogtag - this works so
>> far.
>>
>> The CA key for the Microsoft CA has been generated in a Safenet Luna
>> K3 HSM and cannot be extracted from there, so we'll have to connect
>> the dogtag to this key in our HSM.
>>
>> How can we do that ?
>>
>> Kind regards,
>>
>> Alexander Jung
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>    
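
A scripted form of the `modutil -dbdir . -list` check described above, added here as an example (it is not part of the original e-mail, Dogtag or NSS): it confirms that the module name maps to the expected library and is loaded, and prints the token names to use with `certutil -h`. The function names, the listing layout in `sample_list` and the token name `example-ca-token` are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_module NAME LIBFILE: reads a `modutil -list` listing on stdin; succeeds
# only if module NAME is registered with exactly LIBFILE and status "loaded".
check_module() {
    awk -v name="$1" -v lib="$2" '
        { sub(/[ \t\r]+$/, "") }   # drop trailing blanks
        /^[ \t]*[0-9]+\.[ \t]/ {   # "  2. lunasa" opens a module entry
            sub(/^[ \t]*[0-9]+\.[ \t]+/, ""); in_mod = ($0 == name); next
        }
        in_mod && /^[ \t]*library name:/ {
            sub(/^[ \t]*library name:[ \t]*/, ""); lib_ok = ($0 == lib); next
        }
        in_mod && /^[ \t]*status:/ {
            sub(/^[ \t]*status:[ \t]*/, ""); loaded = ($0 == "loaded"); next
        }
        END { exit !(lib_ok && loaded) }
    '
}

# module_tokens NAME: print the token names under module NAME, i.e. the
# candidates for `certutil -h <token name>`.
module_tokens() {
    awk -v name="$1" '
        { sub(/[ \t\r]+$/, "") }
        /^[ \t]*[0-9]+\.[ \t]/ {
            sub(/^[ \t]*[0-9]+\.[ \t]+/, ""); in_mod = ($0 == name); next
        }
        in_mod && /^[ \t]*token:/ { sub(/^[ \t]*token:[ \t]*/, ""); print }
    '
}

# Constructed sample listing; layout and token name are assumptions.
sample_list() {
    cat <<'EOF'
Listing of PKCS #11 Modules
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded
         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB
  2. lunasa
        library name: /usr/lunasa/lib/libCryptoki2.so
         slots: 1 slot attached
        status: loaded
         slot: Example Slot
        token: example-ca-token
EOF
}

sample_list | check_module lunasa /usr/lunasa/lib/libCryptoki2.so && sample_list | module_tokens lunasa
```

On a real instance, run `modutil -dbdir . -list | check_module lunasa /usr/lunasa/lib/libCryptoki2.so` from the alias directory instead of using `sample_list`.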
