Configuration of the PKCS#11-Provider

  1. Create an /etc/utimaco directory.

  2. Locate the Utimaco PKCS#11 configuration file in your SecurityServer directory, ./u.trust_anchor_product_bundle-x.x.x/Software/Linux/Crypto_APIs/PKCS11_R3/sample. Copy the Utimaco PKCS#11 configuration file cs_pkcs11_R3.cfg to the /etc/utimaco directory.

  3. Make the appropriate changes to the cs_pkcs11_R3.cfg file.

cs_pkcs11_R3.cfg

[Global]
# For unix:
Logpath = /tmp
# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 1
Keepalive = false
# Set the Device to connect with the HSM
# Device specifier 
Device = <PORT@IP>

For more information regarding the commands and command parameters, see the Utimaco SecurityServer documentation. The device may be a SecurityServer (PCIe or LAN) device. The device line will follow one of these patterns, based on the HSM form factor:

Hardware (LAN) HSM:

Device = 4001@<HSM IP address>

or

Hardware (PCIe) HSM:

Device = /dev/cs2.0

To make testing easier, enable the PKCS#11 log file: set LogPath to a writable directory and the Logging log level to 1. For testing, you can increase the log level to 4.

The LogPath points to a writable directory, not to a file.

If you encounter problems, check the log file cs_pkcs11_R3.log in the directory specified under LogPath. During testing, change the Logging Loglevel to 1 or 2. This will limit the logging to only critical messages.

  4. Set up the CS_PKCS11_R3_CFG environment variable.

export CS_PKCS11_R3_CFG=/etc/utimaco/cs_pkcs11_R3.cfg
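
The following script is an added example, not part of the Utimaco documentation or software. It checks the edited cs_pkcs11_R3.cfg against the rules described above: Logpath is a writable directory, Logging is a level from 0 to 4, and Device follows the LAN or PCIe pattern rather than the unedited <PORT@IP> placeholder. The function names cfg_get and check_cfg are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): sanity-check cs_pkcs11_R3.cfg.

# Print the value of KEY from an INI-style file, skipping comment lines.
# Matching keys case-insensitively is a convenience of this script.
cfg_get() {
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                print v; exit
            }
        }' "$2"
}

# Return 0 if the file passes every check; print one line per problem.
check_cfg() {
    cfg="$1"; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 1; }

    # Logpath must be a writable directory, not a file.
    logpath=$(cfg_get Logpath "$cfg")
    { [ -d "$logpath" ] && [ -w "$logpath" ]; } ||
        { echo "Logpath '$logpath' is not a writable directory"; rc=1; }

    # Logging accepts the levels 0 (NONE) through 4 (TRACE).
    case $(cfg_get Logging "$cfg") in
        [0-4]) ;;
        *) echo "Logging must be a single level from 0 to 4"; rc=1 ;;
    esac

    # Device is either PORT@address (LAN) or a /dev node (PCIe).
    case $(cfg_get Device "$cfg") in
        /dev/?*) ;;
        *"<"*|*">"*) echo "Device still holds a template placeholder"; rc=1 ;;
        *[!0-9]*@*|@*|*@) echo "Device port or address is malformed"; rc=1 ;;
        *@*) ;;
        *) echo "Device is neither PORT@address nor a /dev path"; rc=1 ;;
    esac
    return $rc
}

# Check the file the provider will load, if the variable is exported.
[ -z "${CS_PKCS11_R3_CFG:-}" ] || check_cfg "$CS_PKCS11_R3_CFG"
```

Run it in the shell where CS_PKCS11_R3_CFG is exported; a non-zero exit status means at least one setting needs correcting.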