[Pki-users] CA integration and installation with HSM

Marc Sauton msauton at redhat.com
Mon Nov 3 20:10:25 UTC 2014


On 11/02/2014 09:09 AM, Dennis Gnatowski wrote:
> What are the steps to integrate DogTag (Root) CA with an HSM?  Does 
> this have to occur during installation?
>
> I've successfully performed a general installation with CA keys in 
> software.  I was then able to modify secmod.db to add the HSM library 
> and restart the system.  I can both use command line utilities 
> (certutil) and GUI (pkiconsole) to create keys on the HSM.  Re-keying 
> the caSigning certificate works but the CA certificate is issued 
> (issuer) by the original software-based issuer (therefore NOT a 
> self-signed CA cert!).  So I assume this has to be done during initial 
> installation (custom install).  But, how do I get the HSM PKCS#11 
> library added/included with the custom install?
> -----------------------------------------------------------
> Dennis Gnatowski
> dgnatowski at yahoo.com

Adding the PKCS #11 module to secmod.db should happen after the
pkicreate and just before running the silent install or the web-based
configuration wizard.
In Dogtag 10, when using pkispawn, you can split the install and config
steps in two using the flags pki_skip_configuration and
pki_skip_installation.
M.
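
The Dogtag 10 sequence described in this reply, as an added example that is not part of the original message or of the Dogtag project's own scripts. The NSS database path, module label and library path are assumed placeholders, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: two-phase pkispawn with the HSM module registered in between.
# Assumed values (not from the thread): NSS db path, module label, library path.
ALIAS_DIR="${ALIAS_DIR:-/var/lib/pki/pki-tomcat/alias}"   # assumed instance NSS db
HSM_NAME="${HSM_NAME:-example-hsm}"                       # placeholder label
HSM_LIB="${HSM_LIB:-/path/to/vendor/libpkcs11.so}"        # placeholder library
RUN="${RUN-echo}"   # default prints the commands; set RUN= (empty) to execute

# write_phase_cfg BASE OUT PHASE
# Copy a deployment config, drop any existing pki_skip_* lines, and set the
# single flag for this phase directly under [DEFAULT].
write_phase_cfg() {
    case $3 in
        install)   flag=pki_skip_configuration ;;   # phase 1: create the instance only
        configure) flag=pki_skip_installation ;;    # phase 2: configure that instance
        *) echo "unknown phase: $3" >&2; return 2 ;;
    esac
    grep -v -E '^[[:space:]]*pki_skip_(configuration|installation)[[:space:]]*=' "$1" |
        awk -v f="$flag" '{ print }
            /^\[DEFAULT\]/ { print f "=True"; seen = 1 }
            END { exit !seen }' > "$2"   # non-zero exit if there is no [DEFAULT]
}

# two_phase_install BASE
# Order: install, register the PKCS #11 module, list modules to confirm, configure.
# The module is added before any CA key exists. If the instance is already
# running, restart it after the modutil step, as the original poster did after
# editing secmod.db. The base config must already direct the CA keys to the HSM
# token; the thread does not show that setting and it is not added here.
two_phase_install() {
    tmp=$(mktemp -d) || return 1
    write_phase_cfg "$1" "$tmp/install.cfg" install &&
    write_phase_cfg "$1" "$tmp/configure.cfg" configure &&
    $RUN pkispawn -s CA -f "$tmp/install.cfg" &&
    $RUN modutil -dbdir "$ALIAS_DIR" -add "$HSM_NAME" -libfile "$HSM_LIB" -force &&
    $RUN modutil -dbdir "$ALIAS_DIR" -list &&
    $RUN pkispawn -s CA -f "$tmp/configure.cfg"
}

if [ $# -gt 0 ]; then two_phase_install "$1"; fi
```

Run it with the path to an existing deployment config as the only argument; review the printed commands before setting `RUN=` to execute them.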