Hello Patrick,

I am using Luna PCI as my HSM.

To answer your questions:

>> First question: Do you have OpenSSL patched to use that particular HSM as an engine?

Yes, I verified with the documentation from the vendor.

>> Second question: Do you have an openssl.cnf set up that properly instantiates that engine?

Again, the documentation provides some information on this, so my answer is yes.

Thanks

________________________________
From: Patrick Patterson <ppatter...@carillonis.com>
To: openssl-users@openssl.org
Sent: Thursday, June 4, 2009 8:41:24 PM
Subject: Re: Newbie: PKCS#10 request for an existing key pair

Hi Raj:

On June 4, 2009 12:58:02 pm Raj wrote:
> Hello Experts,
>
> I request your expert opinion in generating a PKCS#10 CSR;
>
> I have generated my RSA 1024 private public key pair in the HSM. The HSM
> exposes the keys as handles.
>

First question: Do you have OpenSSL patched to use that particular HSM as an engine?

Second question: Do you have an openssl.cnf set up that properly instantiates that engine?

> I am seeing that OpenSSL is raising the CSR (-new) but it generates the RSA
> key pair. In my case, I already have the keys generated with various
> attributes; I want to raise a CSR of this key pair which are referred by
> their handles.
>

If that handle is in a file (most patches that I've seen for HSMs allow you to do this), then just point the -key parameter at that file. For information on how to create this openssl compatible private key file that contains the handle (if you don't have it already), I would talk to your HSM vendor.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org