Command Summary

Command

Purpose

./p11tool2 slot=<slot_no> Label=<token_label> Login=ADMIN,ADMIN.key InitToken=<SO_PIN>

Initializes the HSM slot with a new token label and Security Officer (SO) PIN; creates a fresh PKCS#11 token.

./p11tool2 slot=<slot_no> LoginSO=<SO_PIN> InitPin=<CryptoUser_PIN>

Creates/initializes the Crypto User (CU) PIN for the slot, allowing key generation and usage.

p11tool2 slot=<slot#> loginuser=<cryptouser_password> PubKeyAttr=CKA_LABEL="<PublicKey>",CKA_ID=0x25 PrvKeyAttr=CKA_LABEL="<PrivateKey>",CKA_ID=0x25 ImportP12=myprivatekey.p12,ask

Imports an existing PKCS#12 private key into the HSM with new labels and attributes.

p11tool2 slot=<slot_no> LoginUser=<cryptouser_password> ListObjects

Lists all cryptographic objects (keys, certificates) stored in the HSM slot.

dnf upgrade

Updates OS packages and security patches.

wget

Downloads the source package.

systemctl start httpd.service

Starts Apache HTTP Server when installed via package manager (DNF).

/usr/local/apache/bin/apachectl -k start

Starts Apache when installed from source under /usr/local/apache/.

openssl req -engine pkcs11 -new -key "pkcs11:token=<token name>;object=<key name>" -keyform engine -out apache.csr

Generates a Certificate Signing Request (CSR) using a private key stored inside the HSM via PKCS#11.

openssl req -engine pkcs11 -new -x509 -days 365 -key "pkcs11:token=<token name>;object=<keyname>" -keyform engine -out SSL.crt

Creates a self‑signed certificate using the HSM‑stored key.

systemctl daemon-reload

Reloads systemd service files after modifying Apache service configuration.

systemctl restart httpd.service

Restarts Apache HTTP Server (DNF installation).

/usr/local/apache/bin/apachectl -k stop

Stops Apache when running in single‑process mode (source installation).

/usr/local/apache/bin/apachectl -X

Starts Apache in single‑worker/debug mode.
