Configuration of the PKCS#11 Provider

  1. Create the directory /etc/utimaco.

  2. Locate the Utimaco PKCS#11 configuration file in your SecurityServer directory, ./u.trust_anchor_product_bundle-x.x.x/Software/Linux/Crypto_APIs/PKCS11_R3/sample. Copy the Utimaco PKCS#11 configuration file cs_pkcs11_R3.cfg into the /etc/utimaco directory.

  3. Edit the cs_pkcs11_R3.cfg file and adjust the settings shown below for your environment.

cs_pkcs11_R3.cfg

[Global]

# For unix:
Logpath = /tmp

# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 1
Keepalive = false

# Set the Device to connect with the HSM

# Device specifier 
Device = <PORT@IP>

For more information regarding the commands and command parameters, please check the Utimaco u.trust GP HSM Se-Series documentation. The device will be either a PCIe or LAN device. The device line will follow one of the following patterns, based on the HSM form factor:

Hardware (LAN) HSM:

Device = 4001@<HSM IP address>

or

Hardware (PCIe) HSM:

Device = /dev/cs2.0


To make your testing easier, enable the PKCS#11 log file. You enable it through the LogPath setting and the Logging log level. Set LogPath and set the Logging log level to 1. For testing, you may want to increase the log level to 4.

LogPath must point to a writable directory, not to a file.

If you encounter problems, check the log file named cs_pkcs11_R3.log in the directory defined by LogPath. When you are done testing, change Logging back to 1 or 2. This limits logging to critical and important messages only.

  4. Set up the CS_PKCS11_R3_CFG environment variable.

export CS_PKCS11_R3_CFG=/etc/utimaco/cs_pkcs11_R3.cfg
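
A pre-flight check for the edited file, given here as an added example and not as part of the Utimaco tooling: it verifies the Device, Logpath and Logging settings described in the steps above. Assumptions: the function names cfg_get and check_pkcs11_cfg are hypothetical, key names are matched case-insensitively, /dev/cs2.N generalizes the /dev/cs2.0 pattern shown, and the world-writable warning is an extra check added here.

```shell
# Added example: sanity-check cs_pkcs11_R3.cfg before exporting CS_PKCS11_R3_CFG.

# cfg_get FILE KEY: print KEY's value, skipping comment lines.
# Assumption: key names are matched case-insensitively.
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", k)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_pkcs11_cfg FILE: print findings; return 1 if any check FAILs.
check_pkcs11_cfg() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

    device=$(cfg_get "$cfg" Device)
    # Accept PORT@HOST (LAN) or /dev/cs2.N (PCIe); rejects an unedited <PORT@IP>.
    if printf '%s\n' "$device" | grep -Eq '^([0-9]+@[A-Za-z0-9.:-]+|/dev/cs2\.[0-9]+)$'; then
        echo "OK: Device = $device"
    else
        echo "FAIL: Device '$device' is not PORT@IP or /dev/cs2.N"; rc=1
    fi

    logpath=$(cfg_get "$cfg" Logpath)
    if [ -d "$logpath" ] && [ -w "$logpath" ]; then
        echo "OK: Logpath = $logpath"
        # Other-write bit set (as on /tmp): any local user can create files there.
        if [ "$(ls -ld "$logpath" | cut -c9)" = "w" ]; then
            echo "WARN: Logpath $logpath is world-writable"
        fi
    else
        echo "FAIL: Logpath '$logpath' is not a writable directory"; rc=1
    fi

    level=$(cfg_get "$cfg" Logging)
    case $level in
        0|1|2) echo "OK: Logging = $level" ;;
        3|4)   echo "WARN: Logging = $level; set back to 1 or 2 after testing" ;;
        *)     echo "FAIL: Logging '$level' is not a level 0-4"; rc=1 ;;
    esac
    return $rc
}
```

After the export, run check_pkcs11_cfg "$CS_PKCS11_R3_CFG" and resolve any FAIL line before starting the application that loads the PKCS#11 provider.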