Edit the cs_pkcs11_R2.cfg file in /etc/utimaco directory | Utimaco Integration Guides

Edit the cs_pkcs11_R2.cfg copy to direct it to use the HSM. The device may be either the Simulator or a CryptoServer (PCIe or CSLAN) device. This example represents an abbreviated set of options, see the documentation for a complete list, and how they are used.

cs_pkcs11_R2.cfg

[Global]
LogPath = /tmp
Logging = 4
 
KeepAlive = true
SlotCount = 1
 
[CryptoServer]
# Device = 3001@127.0.0.1
# Device = 288@10.10.10.200
# Device = /dev/cs2a
Device = 288@10.10.10.200

Device list shows the syntax for the Simulator (3001@… ), a CSLAN (288@… ) and for a PCIe card installed into the server (/dev/… ). The syntax also supports clustering of multiple HSMs to improve performance or provide for highavailability and/or fault tolerence. See the documentation for KCS#11 at (<install>/Documentation/Crypto_APIs/PKCS11_R2).

TIP

When moving to production, consider disabling the log by setting Logging = 0.

TIP

Ensure you have set KeepAlive to ’true’ If HSM connection drops the PIN must be reentered; the system default (KeepAlive = false) is to drop a connection after 15 minutes of no use.