Hello Montajab,
thats really great to hear - might you be able to share some details on
the setup with us, so others might be able to run such a setup too ;)
best regards
Oliver
On 22.11.22 17:07, Montajab Saleh wrote:
Hello,
Thank you Oliver
Thank you Martin
Now everything is working as required with the Issuing CA private key
protected inside the SmartCart-HSM token.
Best Regards
On Mon, Nov 21, 2022 at 12:12 PM Oliver Welter <[email protected]> wrote:
Hello Montajab,
welcome to OpenXPKI ;)
I do not fully understand your question but you basically have to
create an Issuing CA certificate based on the key on the HSM and
import this certificate into the "certsign" group as documented in
the quickstart quide. You then need to make sure that the name of
the key is properly created from the "key" specification in the
realms crypto.yaml file based on the alias created for the
imported token.
Oliver
On 21.11.22 08:57, Montajab Saleh wrote:
Hello,
As I know, openxpki supports PKCS#11 interface via OpenSC
I'm making a Lab to implement a CA with signer key protected
inside HSMs such as SmartCard-HSM or Nitrokey, in documentation
there is an example for YubicoHSM but I don't get the full idea
and the required steps,
I tried to adapt the YubicoHSM example with SmartCard-HSM but no
luck till now, there is no errors in log, but still no signer,
Is it enough to set the right token in crypto.yaml file with the
matching secret?
Is there anything to put in the database or some command to execute?
How to select which signer key within the token to use?
I would be so grateful If someone provide me with any further details
--
/Regards/
/Montajab Saleh/
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
/Regards/
/Montajab Saleh/
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
