Hello, Thank you Oliver Thank you Martin
Now everything is working as required with the Issuing CA private key protected inside the SmartCart-HSM token. Best Regards On Mon, Nov 21, 2022 at 12:12 PM Oliver Welter <[email protected]> wrote: > Hello Montajab, > > welcome to OpenXPKI ;) > > I do not fully understand your question but you basically have to create > an Issuing CA certificate based on the key on the HSM and import this > certificate into the "certsign" group as documented in the quickstart > quide. You then need to make sure that the name of the key is properly > created from the "key" specification in the realms crypto.yaml file based > on the alias created for the imported token. > > Oliver > On 21.11.22 08:57, Montajab Saleh wrote: > > Hello, > > As I know, openxpki supports PKCS#11 interface via OpenSC > I'm making a Lab to implement a CA with signer key protected inside HSMs > such as SmartCard-HSM or Nitrokey, in documentation there is an example for > YubicoHSM but I don't get the full idea and the required steps, > I tried to adapt the YubicoHSM example with SmartCard-HSM but no luck till > now, there is no errors in log, but still no signer, > Is it enough to set the right token in crypto.yaml file with the matching > secret? > Is there anything to put in the database or some command to execute? > How to select which signer key within the token to use? > > I would be so grateful If someone provide me with any further details > -- > *Regards* > *Montajab Saleh* > > > _______________________________________________ > OpenXPKI-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- *Regards* *Montajab Saleh*
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
