For OpenJDK 11 with an RSA Key Using a Self-Signed Certificate

  1. Generate a key pair on the Utimaco HSM.

Console:

# keytool -genkey -keyalg RSA -keysize 2048 -keystore NONE -storetype PKCS11 -storepass 12345678 -providername SunPKCS11-CryptoServer -alias tomcatrsa

Provide the requested certificate information when prompted. Here:

  • RSA is the key algorithm

  • 2048 is the key size

  • NONE is the keystore name, because the keys live on the HSM rather than in a keystore file

  • PKCS11 is the storetype

  • 12345678 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name

  • tomcatrsa is the key name that will be generated on Utimaco HSM

[Figure: Keytool command to generate keys]

A CA-signed certificate is recommended for production environments.

  2. Verify with p11tool2 that the keys have been generated.

Console:

# /opt/utimaco/bin/p11tool2 Slot=0 LoginUser=12345678 ListObjects

[Figure: List keys output using p11tool2]

  3. List the keys using the keytool command.

Console:

# keytool -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer -storepass 12345678 -v

Here:

  • NONE is the keystore name, because the keys live on the HSM rather than in a keystore file

  • PKCS11 is the storetype

  • SunPKCS11-CryptoServer is the provider name

  • 12345678 is the slot PIN

[Figure: Keytool list output]
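The three steps above (generate, verify on the token, list through keytool) as one added Java program that is not part of the original page: it opens the same PKCS11 keystore through the SunPKCS11 provider, confirms that the tomcatrsa alias exists with a 2048-bit RSA certificate that verifies under its own key (self-signed, as on this page), checks that the private key is handed back only as an opaque HSM-resident handle, and performs a signature that the public key verifies. The SunPKCS11 configuration file, its path, the PKCS#11 library path and the class name HsmKeyCheck are assumptions; the PIN, alias and provider name are the page's values.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/*
 * Added example (not from the original page). Assumes a SunPKCS11 configuration
 * file such as the following; the library path is a placeholder for the Utimaco
 * PKCS#11 library installed on the host:
 *
 *   name = CryptoServer        <- yields the provider name SunPKCS11-CryptoServer
 *   library = /path/to/utimaco/pkcs11/library.so
 *   slot = 0
 *
 * Build and run:  javac HsmKeyCheck.java && java HsmKeyCheck /path/to/cryptoserver.cfg
 */
public class HsmKeyCheck {

    public static void main(String[] args) throws Exception {
        String configPath = args.length > 0 ? args[0] : "cryptoserver.cfg"; // assumed file name
        char[] pin = "12345678".toCharArray();  // slot PIN used on the page
        String alias = "tomcatrsa";             // alias generated on the page

        // Configure SunPKCS11 programmatically (JDK 9+ API). keytool on the page relied
        // on the same provider being registered statically in java.security instead.
        Provider hsm = Security.getProvider("SunPKCS11").configure(configPath);
        Security.addProvider(hsm);
        System.out.println("Provider registered as: " + hsm.getName());

        // "-keystore NONE" in keytool corresponds to load(null, pin) here.
        KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
        ks.load(null, pin);

        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("alias not present on the token: " + alias);
        }

        // The certificate and public key are stored on the token next to the private key.
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        RSAPublicKey pub = (RSAPublicKey) cert.getPublicKey();
        int bits = pub.getModulus().bitLength();
        if (bits != 2048) {
            throw new IllegalStateException("unexpected RSA size: " + bits);
        }
        // A self-signed certificate must verify under its own public key; verify() throws otherwise.
        cert.verify(pub);
        System.out.println("Self-signed cert for " + cert.getSubjectX500Principal()
                + ", RSA " + bits + " bits");

        // For keys marked sensitive or non-extractable, SunPKCS11 returns an opaque handle:
        // getEncoded() is null and no RSA private parameters are exposed to the JVM.
        PrivateKey priv = (PrivateKey) ks.getKey(alias, pin);
        boolean opaque = priv.getEncoded() == null && !(priv instanceof RSAPrivateKey);
        if (!opaque) {
            throw new IllegalStateException("private key material is exportable from the token");
        }
        System.out.println("Private key is an HSM-resident handle ("
                + priv.getClass().getSimpleName() + ")");

        // Sign on the HSM, then verify with the public key to prove the handle is usable.
        byte[] msg = "hsm signing check".getBytes(StandardCharsets.UTF_8); // constructed input
        Signature signer = Signature.getInstance("SHA256withRSA", hsm);
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        if (!verifier.verify(sig)) {
            throw new IllegalStateException("signature did not verify");
        }
        System.out.println("Signature OK (" + sig.length + " bytes)");
    }
}
```

The opaque-handle check is the one worth keeping in a deployment test: if it fails, the key was created extractable and the HSM is no longer the only place the private key can exist. Pass the PIN through a secrets mechanism rather than a literal when this is used outside a lab.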