SecurityServer PKCS#11 Configuration

  1. Create the directory /etc/utimaco. Locate the Utimaco PKCS#11 configuration file in your SecurityServer software directory (Software/Linux/Crypto_APIs/PKCS11_R3/sample). Copy the Utimaco PKCS#11 configuration file cs_pkcs11_R3.cfg into the /etc/utimaco directory.

Console

# mkdir /etc/utimaco

# cd ~/u.trust-GP-HSM-Product-Bundle_v6.3.0.0/Software/Linux/Crypto_APIs/PKCS11_R3/sample/

# cp cs_pkcs11_R3.cfg /etc/utimaco

# cd /etc/utimaco

  2. Edit the cs_pkcs11_R3.cfg file using your preferred text editor and make the appropriate changes to the file.

cs_pkcs11_R3.cfg

[Global]

# For unix:
Logpath = /tmp

# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 4

# Prevents expiring session after inactivity of 15 minutes
KeepAlive = true

# Set the Device to connect with
[HSMCluster]
# Device specifier
Devices = <HSM_IP>

For detailed guidance on commands and their parameters, refer to the Utimaco SecurityServer documentation. The device can be a SecurityServer GP HSM in either the PCIe or the LAN form factor. Depending on the type, the Devices line in the [HSMCluster] section follows one of these formats:

  • LAN-based HSM: Devices = 288@ipaddress

  • PCIe-based HSM: Devices = /dev/cs2.0

Make sure to select the appropriate format based on your specific hardware setup.

To simplify your testing process, it's recommended that you enable the PKCS#11 log file by adjusting the logging settings. Specifically:

  • Set Logpath to a writable directory (not a specific file).

  • Set the Logging level to 1 for basic logging. Increase it to 4 for more detailed output during testing.

This will generate a log file named cs_pkcs11_R3.log within the specified Logpath directory. Reviewing this log can help with troubleshooting if you encounter issues. Once testing is complete, it's advisable to reduce the Logging level to 1 or 2 to limit output to only critical or important messages.
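The settings above can be checked before a configuration leaves the test phase. The following is an added example, not part of the Utimaco software or documentation: a small audit of the Logging, Logpath and Devices values this page discusses. The function name audit_pkcs11_cfg, the max_level parameter, the single-device assumption and the acceptance of any /dev/cs2.N minor number are assumptions of this example.

```python
import configparser
import os
import re
import stat

# Device forms listed on this page. Accepting any minor number after
# /dev/cs2. is an assumption of this example; the page shows /dev/cs2.0.
DEVICE_FORMS = (re.compile(r"288@[^\s<>@]+"), re.compile(r"/dev/cs2\.\d+"))


def audit_pkcs11_cfg(text, max_level=2):
    """Return a list of findings for cs_pkcs11_R3.cfg content given as text."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(text)  # option names are matched case-insensitively
    findings = []

    level = cfg.get("Global", "Logging", fallback="0").strip()
    if level not in {"0", "1", "2", "3", "4"}:
        findings.append(f"Logging = {level!r} is not a level from 0 to 4")
    elif int(level) > max_level:
        findings.append(f"Logging = {level}: reduce to 1 or 2 once testing is complete")

    logpath = cfg.get("Global", "Logpath", fallback="").strip()
    if level != "0":  # level 0 is NONE, so the log directory only matters above it
        if not os.path.isdir(logpath):
            findings.append(f"Logpath = {logpath!r} is not an existing directory")
        elif os.stat(logpath).st_mode & stat.S_IWOTH:
            findings.append(f"Logpath = {logpath} is world-writable")

    device = cfg.get("HSMCluster", "Devices", fallback="").strip()
    if not device or "<" in device:
        findings.append(f"Devices = {device!r} is empty or still a placeholder")
    elif not any(form.fullmatch(device) for form in DEVICE_FORMS):
        findings.append(f"Devices = {device} is neither 288@<address> nor /dev/cs2.N")
    return findings


# Constructed sample mirroring the values shown in the configuration above.
SAMPLE = """\
[Global]
Logpath = /tmp
Logging = 4
KeepAlive = true
[HSMCluster]
Devices = <HSM_IP>
"""

if __name__ == "__main__":
    for finding in audit_pkcs11_cfg(SAMPLE):
        print("finding:", finding)
```

A Devices value in a form other than the two listed on this page is reported for review rather than treated as invalid; check it against the Utimaco SecurityServer documentation.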