Breadcrumbs

Initialize a Slot

To initialize a slot with a custom label, use the following commands on the machine where you installed the p11tool2 tool.

  1. Create a security officer (SO) and initialize a new token.

#./p11tool2 slot=0 Label=BIGIPDEMO Login=ADMIN,./key/ADMIN.key Force=1 InitToken=87654321

  1. Change the pin of the security officer (SO).

#./csadm dev=TLS:<port>@<HSM IP> Logonpass=SO_0000,87654321 changeuser=SO_0000,12345678

  1. Initialize a crypto user with a pin.

#./p11tool2 slot=0 LoginSO=12345678 InitPin=87654321

  1. Change the pin of the crypto user.

#./csadm dev=TLS:<port>@<HSM IP> logonpass=USR_0000,87654321 changeuser=USR_0000,12345678

  1. Check the user list.

#./csadm dev=<port>@<HSM IP> LogonSign=ADMIN,./key/ADMIN.key ListUsers
Name      Permission   Mechanism      Attributes
ADMIN      22000000    RSA sign       Z[0]I[0]
SO_0000    00000200    HMAC passwd    Z[0]I[0]A[CXI_GROUP=SLOT_0000]L[BIGIPDEMO                       ]
USR_0000   00000002    HMAC passwd    Z[0]I[0]A[CXI_GROUP=SLOT_0000]

  1. Check the slot info.

#./p11tool2 LoginUser=12345678 GetSlotInfo
CK_SLOT_INFO (slot ID: 0x00000000):

  slotDescription          33303031 40313237  2e302e30 2e31202d |3001@127.0.0.1 -|
                           20434c55 53544552  5f303030 30202d20 | CLUSTER_0000 - |
                           534c4f54 5f303030  30202020 20202020 |SLOT_0000       |
                           20202020 20202020  20202020 20202020 |                |

  manufacturerID           5574696d 61636f20  49532047 6d624820 |Utimaco IS GmbH |
                           20202020 20202020  20202020 20202020 |                |

  flags: 0x00000005
    CKF_TOKEN_PRESENT    : CK_TRUE
    CKF_REMOVABLE_DEVICE : CK_FALSE
    CKF_HW_SLOT          : CK_TRUE

  hardwareVersion        : 5.02
  firmwareVersion        : 6.01

  1. Check the token details.

#./p11tool2 LoginUser=12345678 GetTokenInfo
CK_TOKEN_INFO (slot ID: 0x00000000):
  label                  42494749 5044454d  4f202020 20202020 |BIGIPDEMO       |
                         20202020 20202020  20202020 20202020 |                |

  manufacturerID         5574696d 61636f20  49532047 6d624820 |Utimaco IS GmbH |
                         20202020 20202020  20202020 20202020 |                |

  model                  43727970 746f5365  72766572 20202020 |CryptoServer    |

  serialNumber           53493030 33303031  5f303030 30202020 |SI003001_0000   |


F5 BIG-IP uses the token label to identify and specify the slot to be used during cryptographic operations with the HSM. It is strongly recommended that you assign a unique token label to ensure smooth integration and avoid conflicts.