CryptoServer PKCS#11 Configuration

  1. Create the directory /etc/utimaco. Locate the Utimaco PKCS#11 configuration file in your SupportingCD directory (Linux/x86-64/Crypto_APIS/PKCS11_R2/sample). Copy the Utimaco PKCS#11 configuration file cs_pkcs11_R2.cfg into the /etc/utimaco directory.

Console

# mkdir /etc/utimaco

# cd ~/SupportingCD-V5.2.0.1.zip/Software/Linux/x86_64/CryptoAPIs/PKCS11_R2/sample

# cp cs_pkcs11_R2.cfg /etc/utimaco

# chmod +x cs_pkcs11_R2.cfg

  2. Edit the cs_pkcs11_R2.cfg file in /etc/utimaco and adjust the settings for your environment.

cs_pkcs11_R2.cfg

[Global]

# For unix:

Logpath = /tmp

# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)

Logging = 4

Keepalive = true

# Set the Device to connect with

[CryptoServer]

# Device specifier

Device = <HSM_IP>

For detailed guidance on commands and their parameters, please refer to the Utimaco CryptoServer documentation. The device could be a CryptoServer GP HSM, available in either PCIe or LAN form factors. Depending on the type, the device configuration line will follow one of these formats:

  • LAN-based HSM: Device = 288@ipaddress

  • PCIe-based HSM: Device = /dev/cs2.0

Make sure to select the appropriate format based on your specific hardware setup.

To simplify your testing process, it's recommended that you enable the PKCS#11 log file by adjusting the logging settings. Specifically:

  • Set the LogPath to a writable directory (not a specific file).

  • Set the Logging level to 1 for basic logging. Increase it to 4 for more detailed output during testing.

This will generate a log file named cs_pkcs11_R2.log within the specified LogPath directory. Reviewing this log can help with troubleshooting if you encounter issues. Once testing is complete, it's advisable to reduce the Logging level to 1 or 2 to limit output to only critical or important messages.
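
The checks described above (a writable LogPath directory, a Logging level lowered after testing, a Device line in one of the two formats) can be run as a small lint over the configuration file. This is an added example, not Utimaco tooling; the function names, the case-insensitive key matching and the sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not vendor code): lint cs_pkcs11_R2.cfg against the checks above.

# cfg_get FILE KEY: value of the last uncommented "KEY = value" line, key case-insensitive.
cfg_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) && NF > 1 {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# device_kind VALUE: lan (port@address), pcie (/dev/cs2...), placeholder or unknown.
device_kind() {
    case "$1" in
        *"<"*">"*) echo placeholder ;;
        /dev/cs2*) echo pcie ;;
        *@?*) case "${1%%@*}" in ''|*[!0-9]*) echo unknown ;; *) echo lan ;; esac ;;
        *) echo unknown ;;
    esac
}

note() { echo "$1"; findings=$((findings + 1)); }

# lint_cfg FILE: prints one finding per line; exit status is the number of findings.
lint_cfg() {
    findings=0
    logpath=$(cfg_get "$1" Logpath); level=$(cfg_get "$1" Logging)
    device=$(cfg_get "$1" Device)
    { [ -d "$logpath" ] && [ -w "$logpath" ]; } || note "Logpath '$logpath' is not a writable directory"
    case "$level" in
        [0-2]) ;;
        [34]) note "Logging = $level is a testing level; reduce to 1 or 2 afterwards" ;;
        *) note "Logging = '$level' is not in 0..4" ;;
    esac
    case "$(device_kind "$device")" in
        lan|pcie) ;;
        placeholder) note "Device still holds the placeholder '$device'" ;;
        *) note "Device '$device' is neither <port>@<address> nor /dev/cs2.x" ;;
    esac
    return "$findings"
}

# Constructed sample input: the configuration as shown on this page, unedited.
sample=$(mktemp)
printf '%s\n' '[Global]' 'Logpath = /tmp' 'Logging = 4' '[CryptoServer]' 'Device = <HSM_IP>' > "$sample"
lint_cfg "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run against the installed file with `lint_cfg /etc/utimaco/cs_pkcs11_R2.cfg`; a zero exit status means all three checks passed.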