For OpenJDK 8 with RSA Key

1. Generate a key pair on the Utimaco HSM.

›_ Console

# keytool -genkey -keyalg RSA -keysize 2048 -keystore NONE -storetype CryptoServer -storepass 12345678 -providername CryptoServer -alias tomcatsslkey

Provide information when prompted.

Here:

  • RSA is the key algorithm

  • 2048 is the key size

  • NONE is the keystore for HSM

  • CryptoServer is the store type

  • 12345678 is the slot PIN

  • CryptoServer is the provider name

  • tomcatsslkey is the key name that will be generated on the Utimaco HSM



keytool command to generate keys

2. List the keys using the cxitool.

›_ Console

# /opt/utimaco/bin/cxitool Dev=3001@127.0.0.1 Logonpass=tomcat,12345678 Group=JCE ListKeys



List keys output using cxitool

3. Verify that the keytool command shows the created certificate.

›_ Console

# keytool -list -keystore NONE -storetype CryptoServer -providername CryptoServer -storepass 12345678 -v

Here:

  • NONE is the key store for HSM

  • CryptoServer is the store type

  • 12345678 is the slot PIN

  • CryptoServer is the provider name



keytool list output
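
A scripted form of the check in step 3, as an added example that is not part of the original guide or of Utimaco's tooling: it parses `keytool -list -v` output and confirms that the alias exists as a PrivateKeyEntry with a certificate. The sample listing is constructed, and the function names and the `HSM_PIN` variable name are assumptions.

```bash
# Constructed sample of `keytool -list -v` output (not captured from a real HSM).
SAMPLE_OUTPUT='Keystore type: CryptoServer
Keystore provider: CryptoServer

Your keystore contains 2 entries

Alias name: rootca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Owner: CN=Example Root CA

Alias name: tomcatsslkey
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=tomcat.example.test
Issuer: CN=tomcat.example.test'

# entry_field ALIAS FIELD: read a listing on stdin and print FIELD's value
# from the block that belongs to ALIAS only (other entries are ignored).
entry_field() {
  awk -v alias="$1" -v field="$2" '
    /^Alias name: / { in_entry = (substr($0, 13) == alias) }
    in_entry && index($0, field ": ") == 1 { print substr($0, length(field) + 3); exit }
  '
}

# verify_hsm_key ALIAS: 0 if ALIAS is a private key entry with a certificate,
# 2 if the alias is missing, 3 if it is not a PrivateKeyEntry, 4 if no chain.
verify_hsm_key() {
  _listing=$(cat)
  _type=$(printf '%s\n' "$_listing" | entry_field "$1" 'Entry type')
  _chain=$(printf '%s\n' "$_listing" | entry_field "$1" 'Certificate chain length')
  [ -n "$_type" ] || { echo "alias '$1' not found" >&2; return 2; }
  [ "$_type" = "PrivateKeyEntry" ] || { echo "'$1' is $_type" >&2; return 3; }
  [ "${_chain:-0}" -ge 1 ] || { echo "'$1' has no certificate" >&2; return 4; }
  return 0
}

# Usage against the HSM; HSM_PIN is an assumed environment variable, read with
# keytool's -storepass:env so the slot PIN stays out of the process list:
#   keytool -list -v -keystore NONE -storetype CryptoServer \
#     -providername CryptoServer -storepass:env HSM_PIN | verify_hsm_key tomcatsslkey
```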