For OpenJDK8 with RSA Key Using Self-Signed Certificate

  1. Generate a key pair on the Utimaco HSM.

›_ Console

# keytool -genkey -keyalg RSA -keysize 2048 -keystore NONE -storetype PKCS11 -storepass 123456 -providername SunPKCS11-CryptoServer -alias tomcatsslkey

Provide the requested information when prompted. Here:

  • RSA is the key algorithm

  • 2048 is the key size

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 123456 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name

  • tomcatsslkey is the key name that will be generated on Utimaco HSM


Keytool command to generate keys

A CA-signed certificate is recommended for production environments.


  2. Use p11tool2 to verify that the keys have been generated.

›_ Console

# /opt/utimaco/bin/p11tool2 Slot=0 LoginUser=123456 ListObjects

Keytool list output using p11tool2

  3. List the keys using the keytool command.

›_ Console

# keytool -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer -storepass 123456 -v

Here:

  • NONE is the keystore for HSM

  • PKCS11 is the storetype

  • 123456 is the slot PIN

  • SunPKCS11-CryptoServer is the provider name


Keytool list output
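
As an added example (not part of the original guide), the script below scans `keytool -list -v` output such as that of the step above and reports aliases whose leaf certificate is self-signed, so keys that still need a CA-signed certificate can be caught before production. The listing embedded in it is constructed sample data; the alias `tomcatcakey` and all subject names and serial numbers are made up.

```sh
#!/bin/sh
# Added example: report aliases whose leaf certificate is self-signed.

# Constructed sample in the layout printed by `keytool -list -v`;
# the second alias and all names and serial numbers are made up.
sample_listing() {
cat <<'EOF'
Keystore type: PKCS11
Keystore provider: SunPKCS11-CryptoServer

Your keystore contains 2 entries

Alias name: tomcatsslkey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=tomcat.example.test, O=Example, C=DE
Issuer: CN=tomcat.example.test, O=Example, C=DE
Serial number: 1a2b3c4d

Alias name: tomcatcakey
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=tomcat.example.test, O=Example, C=DE
Issuer: CN=Example Root CA, O=Example, C=DE
Serial number: 5e6f7a8b
Certificate[2]:
Owner: CN=Example Root CA, O=Example, C=DE
Issuer: CN=Example Root CA, O=Example, C=DE
EOF
}

# Reads a listing on stdin. Only the first certificate of each entry is
# compared, so a self-signed root at the end of a chain is not reported.
self_signed_aliases() {
  awk '
    /^Alias name: /          { alias = substr($0, 13); cert = 0; owner = "" }
    /^Certificate\[/         { cert++ }
    /^Owner: /  && cert <= 1 { owner = substr($0, 8) }
    /^Issuer: / && cert <= 1 { if (substr($0, 9) == owner) print alias }
  '
}

# Run against the constructed sample; prints: tomcatsslkey
sample_listing | self_signed_aliases
```

To check the HSM-backed keystore, pipe the output of the `keytool -list ... -v` command from the step above into `self_signed_aliases` instead of the sample.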