1. Generate an RSA keypair on Utimaco HSM.
Provide information when prompted. Here:
- RSA is the key algorithm
- 2048 is the key size
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
- tomcatrsa is the key name that will be generated on Utimaco HSM
Figure: Key Generation Using Keytool Command
2. Verify that the keys have been generated.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
Figure: Listkeys Output
3. List the keys using p11tool2.
Figure: List Keys Output Using p11tool2
4. Generate a CSR using the keytool command.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
- tomcatrsa is the key name
- tomcatrsa.csr is the CSR file name that will be generated
5. Get this CSR signed by the CA.
6. Copy the signed certificate along with the root CA certificate chain on the Tomcat server.
7. Import the signed certificate chain reply using the command below.
Figure: Import User Certificate Into Keystore
The signed certificate must also contain the certificate chain.
8. Verify that the keytool command shows the signed certificate as well as the root CA certificate.
Here:
- NONE is the keystore for HSM
- PKCS11 is the storetype
- 12345678 is the slot PIN
- SunPKCS11-CryptoServer is the provider name
Figure: Keytool List Output
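The keytool side of steps 1, 2, 4, 7 and 8 as one script, given here as an added example rather than the vendor's own commands. It uses the parameter values listed above and adds a check for step 8 that the imported entry carries the full chain. Assumptions: the SunPKCS11-CryptoServer provider is already registered in the JVM's `java.security`, the function names are hypothetical, the signed chain file is passed as an argument, and `-storepass` is deliberately omitted so that keytool prompts for the slot PIN.

```shell
#!/usr/bin/env bash
# Added example, not the vendor's script. Values (alias, store type, provider
# name) are the ones listed on this page; function names are hypothetical.
ALIAS="tomcatrsa"
KS_ARGS="-keystore NONE -storetype PKCS11 -providername SunPKCS11-CryptoServer"

# -storepass is left out on purpose: keytool then prompts for the slot PIN,
# so the PIN never appears in the process list or shell history.
# DRY_RUN=1 prints the command instead of running it.
hsm_keytool() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "keytool $* $KS_ARGS"
    else
        # shellcheck disable=SC2086  # KS_ARGS is split into words on purpose
        keytool "$@" $KS_ARGS
    fi
}

gen_keypair()  { hsm_keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048; }  # step 1
list_keys()    { hsm_keytool -list -v; }                                               # steps 2 and 8
make_csr()     { hsm_keytool -certreq -alias "$ALIAS" -file "$ALIAS.csr"; }            # step 4
import_reply() { hsm_keytool -importcert -alias "$ALIAS" -file "$1"; }                 # step 7, $1 = signed chain file

# Step 8 check: reads `keytool -list -v` output on stdin and succeeds only if
# the alias is a PrivateKeyEntry whose chain holds at least two certificates
# (the signed certificate plus the CA certificate).
chain_ok() {
    awk -v alias="$ALIAS" '
        /^Alias name: /                                 { cur = $3 }
        cur == alias && /^Entry type: PrivateKeyEntry/  { pk = 1 }
        cur == alias && /^Certificate chain length: /   { n = $4 }
        END { exit !(pk && n >= 2) }'
}

# Constructed sample of `keytool -list -v` output after a successful import.
SAMPLE_LIST_OUTPUT='Keystore type: PKCS11
Keystore provider: SunPKCS11-CryptoServer

Your keystore contains 1 entry

Alias name: tomcatrsa
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=tomcat.example.test'
```

After step 7, `list_keys | chain_ok` returns success only when the HSM entry holds the signed certificate together with its CA certificate; a chain length of 1 means the reply was imported without its chain.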