For OpenJDK11 with EC Key Using Self-Signed Certificate

  1. Generate a keypair on Utimaco HSM.

›_ Console

# keytool -genkey -alias tomssleckey -keyalg EC -keystore NONE -storetype PKCS11 -storepass 12345678 -providername SunPKCS11-CryptoServer -v

Provide the information when prompted. Here:

  • EC is the key algorithm

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 12345678 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name

  • tomssleckey is the key name that will be generated on Utimaco HSM


Keytool command to Generate Keys

For production environments, it is recommended to use a CA-signed certificate.

  2. Verify with p11tool2 that the keys have been generated.

›_ Console

# /opt/utimaco/bin/p11tool2 Slot=0 LoginUser=12345678 ListObjects 

List Keys output using p11tool2

  3. List the keys using the keytool command.

›_ Console

# keytool -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer -storepass 12345678 -v

Here:

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 12345678 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name


Keytool list output
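
The listing from the last step can be checked by script instead of by eye. The following is an added example, not part of the original guide or of Utimaco's tooling: it classifies the alias as a private key entry and reports whether its certificate is self-signed (Owner equals Issuer) or CA-signed. The sample listing is constructed, and the function names and the HSM_PIN variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): classify one alias from `keytool -list -v`.

# classify_entry ALIAS   (keytool -list -v output on stdin)
# Prints: missing | not-private-key | self-signed | ca-signed
classify_entry() {
  awk -v want="$1" '
    /^Alias name: /             { cur = substr($0, 13); next }
    cur != want                 { next }
    /^Entry type: /             { type = substr($0, 13) }
    /^Owner: /  && owner  == "" { owner  = substr($0, 8) }   # first cert in the chain
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    END {
      if (type == "")                     print "missing"
      else if (type != "PrivateKeyEntry") print "not-private-key"
      else if (owner == issuer)           print "self-signed"
      else                                print "ca-signed"
    }'
}

# Constructed sample of the verbose listing (subject name is made up).
sample_output() {
  cat <<'EOF'
Keystore type: PKCS11
Keystore provider: SunPKCS11-CryptoServer

Your keystore contains 1 entry

Alias name: tomssleckey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=hsm-demo.example, O=Constructed
Issuer: CN=hsm-demo.example, O=Constructed
Signature algorithm name: SHA256withECDSA
EOF
}

# Against the real HSM: PIN read without echo and passed by environment
# variable name (HSM_PIN is an assumed name), not as a -storepass literal.
classify_live() {
  read -r -s -p "Slot PIN: " HSM_PIN && export HSM_PIN
  keytool -list -v -keystore NONE -storetype PKCS11 \
    -providername SunPKCS11-CryptoServer -storepass:env HSM_PIN |
    classify_entry "$1"
}

sample_output | classify_entry tomssleckey   # prints: self-signed
```

On the HSM host, run classify_live tomssleckey; a result of self-signed on a production system means the certificate still needs to be replaced with a CA-signed one.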