1. Generate an EC keypair on Utimaco HSM.
Provide information when prompted.
Here:
- EC is the key algorithm
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
- tomsslec is the key name that will be generated on Utimaco HSM
Key generation using keytool command output
2. Verify that the keys have been generated.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider’s name
Listkeys output
3. List the keys using p11tool2.
List Keys output using p11tool2
4. Generate a CSR using the keytool command.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
- tomsslec is the key name
- tomcatec.csr is the CSR file name that will be generated
5. Get this CSR signed by a CA.
6. Copy the signed certificate, along with the root CA certificate chain, to the Tomcat server.
7. Import the signed certificate chain reply using the command below.
Import user certificate into keystore
The signed certificate must also contain the certificate chain.
8. Verify, using the command below, that keytool shows the signed certificate as well as the root CA certificate in the console.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider’s name
Keytool list output
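The keytool side of the procedure above (generate, list, CSR, import, verify) as an added example; it is not taken from the vendor guide. It uses the page's alias, storetype, provider and CSR file name, and adds a check that the imported entry really carries the CA chain. Assumptions: the SunPKCS11-CryptoServer provider is already registered with the JVM, the slot PIN is exported as `HSM_PIN` (an assumed variable name), and `chain.p7b` is a hypothetical name for the CA reply.

```sh
#!/bin/sh
# Added example, not vendor code. Values from the page: alias tomsslec, keystore NONE,
# storetype PKCS11, provider SunPKCS11-CryptoServer, CSR file tomcatec.csr.
# Assumptions: the provider is already registered with the JVM, the slot PIN is
# exported as HSM_PIN (assumed name), chain.p7b is a hypothetical CA reply file.
ALIAS=tomsslec
CSR=tomcatec.csr
REPLY=chain.p7b
# -storepass:env reads the PIN from the environment, keeping it out of the
# process list and shell history.
P11="-keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer -storepass:env HSM_PIN"

# Print the keytool command line for one step of the procedure.
kt_cmd() {
  case "$1" in
    genkey) echo "keytool -genkeypair -alias $ALIAS -keyalg EC $P11" ;;
    list)   echo "keytool -list -v $P11" ;;
    csr)    echo "keytool -certreq -alias $ALIAS -file $CSR $P11" ;;
    import) echo "keytool -importcert -alias $ALIAS -file $REPLY $P11" ;;
    *)      echo "unknown step: $1" >&2; return 2 ;;
  esac
}

# Run one step. DRY_RUN=1 (the default) only prints the command.
run_step() {
  cmd=$(kt_cmd "$1") || return 2
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; return 0; fi
  [ -n "$HSM_PIN" ] || { echo "HSM_PIN is not set" >&2; return 1; }
  $cmd
}

# stdin: `keytool -list -v` output. Prints the certificate chain length of the
# PrivateKeyEntry named $1, or 0 if the alias is absent or not a key entry.
chain_len() {
  awk -v a="$1" '
    /^Alias name: /                { cur = substr($0, 13); pk = 0 }
    /^Entry type: PrivateKeyEntry/ { pk = 1 }
    /^Certificate chain length: / && cur == a && pk { n = $4 }
    END { print n + 0 }'
}

# Succeeds only if the entry holds the signed certificate plus at least one CA
# certificate. Right after genkey the length is 1 (self-signed placeholder).
chain_ok() { [ "$(chain_len "$1")" -ge 2 ]; }

# Real run: export DRY_RUN=0 and HSM_PIN, then
#   run_step import && run_step list | chain_ok "$ALIAS"
for step in genkey list csr import; do run_step "$step"; done
```

A chain length of 1 after the import means the reply held only the leaf certificate, which is the condition the "must also contain the certificate chain" note guards against.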