For OpenJDK8 with EC Key Using a Self-Signed Certificate

  1. Generate a keypair on Utimaco HSM.

›_ Console

# keytool -genkey -alias tomsslec -keyalg EC -keystore NONE -storetype PKCS11 -storepass 12345678 -providername SunPKCS11-CryptoServer -v

Provide the requested information when prompted. Here:

  • EC is the key algorithm

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 12345678 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name

  • tomsslec is the key name that will be generated on Utimaco HSM

Keytool command to generate keys

It is recommended to use a CA-signed certificate in production environments.

  2. Use p11tool2 to verify that the keys have been generated.

›_ Console

# /opt/utimaco/bin/p11tool2 Slot=0 LoginUser=12345678 ListObjects 

List Keys output using p11tool2

  3. List the keys using the keytool command.

›_ Console

# keytool -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer -storepass 12345678 -v

Here:

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 12345678 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name

Keytool List output
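
One way to check the keytool listing above for self-signed entries before a keystore goes to production, as an added example that is not part of the original guide or of Utimaco's tooling. It assumes the usual `keytool -list -v` field labels (`Alias name:`, `Entry type:`, `Owner:`, `Issuer:`, `Signature algorithm name:`); the sample listing, the alias `tomsslca` and all subject names are constructed.

```shell
#!/bin/sh
# Added example, not vendor code: summarise `keytool -list -v` output as
# alias, entry type, signature algorithm, and self-signed or CA-signed.
audit_keytool_listing() {
  awk '
    function emit() {
      if (alias == "") return
      verdict = (owner == "") ? "no-cert" : (owner == issuer ? "self-signed" : "ca-signed")
      printf "%s\t%s\t%s\t%s\n", alias, type, sig, verdict
    }
    function value(prefix,   s) {   # text after prefix, indentation ignored
      s = $0; sub("^[ \t]*" prefix, "", s); return s
    }
    /^Alias name: /  { emit(); alias = value("Alias name: ")
                       type = sig = owner = issuer = ""; certs = 0 }
    /^Entry type: /  { type = value("Entry type: ") }
    /^Certificate\[/ { certs++ }   # only the first certificate is the leaf
    certs <= 1 && /^Owner: /  { owner = value("Owner: ") }
    certs <= 1 && /^Issuer: / { issuer = value("Issuer: ") }
    certs <= 1 && /^[ \t]*Signature algorithm name: / {
                       sig = value("Signature algorithm name: ") }
    END { emit() }
  '
}

# Constructed sample listing (not real HSM output). tomsslec is the alias from
# the steps above; tomsslca and all subject names are hypothetical.
sample_listing() {
  cat <<'EOF'
Alias name: tomsslec
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=tomcat.example.test
Issuer: CN=tomcat.example.test
   Signature algorithm name: SHA256withECDSA

Alias name: tomsslca
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=tomcat.example.test
Issuer: CN=Example Issuing CA
Signature algorithm name: SHA256withECDSA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
EOF
}
sample_listing | audit_keytool_listing
```

To audit a real slot, pipe the output of the `keytool -list ... -v` command shown above into `audit_keytool_listing` instead of the sample. An entry reported as `ca-signed` only means its issuer differs from its owner; the chain itself is not validated.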