Hello Montajab,
welcome to OpenXPKI ;)
I do not fully understand your question but you basically have to create
an Issuing CA certificate based on the key on the HSM and import this
certificate into the "certsign" group as documented in the quickstart
quide. You then need to make sure that the name of the key is properly
created from the "key" specification in the realms crypto.yaml file
based on the alias created for the imported token.
Oliver
On 21.11.22 08:57, Montajab Saleh wrote:
Hello,
As I know, openxpki supports PKCS#11 interface via OpenSC
I'm making a Lab to implement a CA with signer key protected inside
HSMs such as SmartCard-HSM or Nitrokey, in documentation there is an
example for YubicoHSM but I don't get the full idea and the required
steps,
I tried to adapt the YubicoHSM example with SmartCard-HSM but no luck
till now, there is no errors in log, but still no signer,
Is it enough to set the right token in crypto.yaml file with the
matching secret?
Is there anything to put in the database or some command to execute?
How to select which signer key within the token to use?
I would be so grateful If someone provide me with any further details
--
/Regards/
/Montajab Saleh/
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
