1. Generate an RSA keypair on Utimaco HSM.
|
›_ Console |
|---|
|
Provide information when prompted Here:
-
RSA is the key algorithm
-
2048 is the key size
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
12345678 is the slot PIN
-
SunPKCS11-CryptoServer is the provider name
-
tomcatrsa is the key name that will be generated on Utimaco HSM
Key Generation using Keytool command
2. Verify that the keys have been generated.
|
›_ Console |
|---|
|
Here:
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
12345678 is the slot PIN
-
SunPKCS11-CryptoServer is the provider’s name
Listkeys output
-
List the keys using p11tool2.
|
›_ Console |
|---|
|
List Keys output using p11tool2
-
Generate a CSR using Keytool command.
|
›_ Console |
|---|
|
Here:
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
12345678 is the slot PIN
-
SunPKCS11-CryptoServer is the provider name
-
tomcatrsa is the key name
-
tomcatrsa.csr is the CSR file name that will be generated
-
Get this CSR signed by CA.
-
Copy the signed certificate along with root CA certificate chain on the tomcat server.
-
Import the signed certificate chain reply using the command belo.
|
›_ Console |
|---|
|
Import user certificate into keystore
Signed certificate must also contain certificate chain.
8. Verify that the keytool command shows the signed certificate as well as root CA certificate.
|
›_ Console |
|---|
|
Here:
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
12345678 is the slot PIN
-
SunPKCS11-CryptoServer is the provider’s name
Keytool list output