1. Create the directory /etc/utimaco. Locate the Utimaco PKCS#11 configuration file, cs_pkcs11_R3.cfg, in your SecurityServer directory under Linux/x86-64/Crypto_APIs/PKCS11_R3/sample, and copy it to the /etc/utimaco directory.
# mkdir /etc/utimaco
# cd <install directory>/Software/Linux/x86-64/Crypto_APIs/PKCS11_R3/sample
# cp cs_pkcs11_R3.cfg /etc/utimaco
# cd /etc/utimaco
2. Edit the cs_pkcs11_R3.cfg file and make the appropriate changes to the file.
[Global]
# For unix:
Logpath = /etc/utimaco
# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 3
Keepalive = true
# Set the Device to connect with
[CryptoServer]
# Device specifier
Device = <HSM_IP>
3. Create an environment variable that points to the cs_pkcs11_R3.cfg file.
# echo 'export CS_PKCS11_R3_CFG=/etc/utimaco/cs_pkcs11_R3.cfg' | sudo tee /etc/profile.d/utimaco_env.sh
For more information regarding the commands and command parameters, please see the Utimaco u.trust GP HSM Se-Series documentation.
The device may be a PCIe or LAN device. The Device line in the [CryptoServer] section follows one of these patterns, based on the HSM form factor:
Hardware (LAN) HSM:
Device = 288@<HSM IP address>
or
Hardware (PCIe) HSM:
Device = /dev/cs2.0
Enabling PKCS#11 logging makes testing easier.
Logging is controlled by the Logpath and Logging (log level) settings in the [Global] section. Set the Logpath and set the log level to 1. For testing, you may want to increase it to 4.
The Logpath must point to a writable directory, not to a file.
If you encounter problems, check the log file cs_pkcs11_R3.log in the directory defined by Logpath. When you are done testing, change the log level back to 1 or 2.
This limits logging to only critical and important messages.
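A lint for the finished configuration, as an added example that is not Utimaco's or this guide's own code: it reads the file named by CS_PKCS11_R3_CFG and checks the three settings discussed above (Logpath is a writable directory, the Logging level, the Device line). The helper names cfg_get, check_cfg and demo are hypothetical, key names are matched case-insensitively as a convenience of this script, and the sample config in demo is constructed.

```shell
#!/bin/sh
# Added example (not Utimaco code): lint cs_pkcs11_R3.cfg against this page's settings.
# cfg_get, check_cfg and demo are hypothetical helper names.

# Print the value of KEY in [SECTION]. Comment lines are skipped; key names are
# compared case-insensitively (an assumption of this script, not of the library).
cfg_get() {  # usage: cfg_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = (tolower($0) == tolower(sec)); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# Report on FILE (default: $CS_PKCS11_R3_CFG, else this page's path); returns 1 on any FAIL.
check_cfg() {
    f=${1:-${CS_PKCS11_R3_CFG:-/etc/utimaco/cs_pkcs11_R3.cfg}}; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    logpath=$(cfg_get "$f" Global Logpath)
    level=$(cfg_get "$f" Global Logging)
    device=$(cfg_get "$f" CryptoServer Device)
    if [ -d "$logpath" ] && [ -w "$logpath" ]; then echo "OK: Logpath is a writable directory"
    else echo "FAIL: Logpath '$logpath' is not a writable directory"; rc=1; fi
    case $level in
        0|1|2) echo "OK: Logging = $level" ;;
        3|4)   echo "WARN: Logging = $level is a testing level; set 1 or 2 afterwards" ;;
        *)     echo "FAIL: Logging '$level' is not in 0..4"; rc=1 ;;
    esac
    case $device in
        ''|*'<'*) echo "FAIL: Device is unset or still a placeholder"; rc=1 ;;
        /dev/*)   echo "OK: Device = $device (PCIe pattern)" ;;
        *@*)      echo "OK: Device = $device (LAN pattern)" ;;
        *)        echo "WARN: Device = $device matches neither pattern on this page" ;;
    esac
    return $rc
}

# Constructed sample: testing log level left on and the Device placeholder unedited.
demo() {
    d=$(mktemp -d); st=0
    printf '%s\n' '[Global]' "Logpath = $d" 'Logging = 4' \
        '[CryptoServer]' 'Device = <HSM_IP>' > "$d/cs_pkcs11_R3.cfg"
    check_cfg "$d/cs_pkcs11_R3.cfg" || st=1
    rm -rf "$d"; return $st
}
demo || echo "demo config has problems (expected for the constructed sample)"
```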