The installation file for the PKCS#11 is located on the Product CD. The installer creates an environment variable called CS_PKCS11_R2_CFG. It contains the path to Utimaco’s PKCS#11 configuration file. By default, we have to copy the file to /etc/utimaco in Linux. We have to set the CS_PKCS11_R2_CFG environment variable to point to this location.
In order to be able to access the HSM via PKCS#11, the configuration file needs to be modified.
-
Set the path to the logfile and set the desired log level.
[Global]
# For unix:
Logpath = /tmp
# For windows:
# Logpath = C:/ProgramData/Utimaco/PKCS11_R2
# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 4
-
Set the IP address of the HSM.
[CryptoServer]
# Device specifier (here: CryptoServer is CSLAN with IP address 127.0.0.1)
Device = 127.0.0.1
-
Optionally, make additional modifications to the configuration file, such as setting up an external store as described in [CSPKCSM]. We suggest to modify the PKCS#11 config file to KeepAlive flag active.
[Global]
# Prevents expiring session after inactivity of 15 minutes
KeepAlive = true