[Pki-users] Dogtag with Thales HSM
Christina Fu
cfu at redhat.com
Tue Feb 3 21:34:00 UTC 2015
Javi,
The documentation was for RHCS8.1, for which the installation wizard
would find the right supported modules.
For Dogtag, we have a ticket open for
https://fedorahosted.org/pki/ticket/1200 make sure pkispawn works with hsm
I never tried it myself with pkispawn, but I imagine you can try looking
up all the parameters with the name "token" in it in
/etc/pki/default.cfg, and create a custom cfg files that contain these
parameters with the right token name.
That is of course under the assumption that you have set up the HSM and
the library with the secmod using modutil.
Let us know what happens. You can also contribute by adding your
findings in the ticket yourself and we will take that into account when
the ticket is being worked on.
Christina
On 02/03/2015 09:15 AM, Javier Gallart wrote:
> Hello
>
> we are trying to setup Dogtag 10.2.1 with a Nshield Solo as HSM. We
> haven't found a specific guide for this apart from the RedHat
> documentation:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/using-tokens.html
>
> The guide states: "The Certificate System supports the nCipher netHSM
> hardware security module (HSM) by default".
>
> Does that mean that pkispawn will detect the module and use it or any
> manual intervention is required afterwards?
>
> Regards
>
> Javi
>
>
>
>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150203/daf0f621/attachment.htm>
More information about the Pki-users
mailing list