Command Summary | Utimaco Integration Guides

Command	Purpose
`mkdir hsm-build`	To create a working directory to store all build-related files, such as Dockerfiles, YAML manifests, and the `oc` client.
`mkdir hsm`	To create a subdirectory inside `hsm-build` to store the Utimaco client binaries and libraries (`.so`, `p11tool2`, etc.).
`docker build -f Dockerfile.sidecar -t <docker_username>/utimaco-sidecar:1`	To build the Utimaco sidecar image containing the PKCS#11 library, Utimaco tools, and `oc` client.
`docker build -f Dockerfile.nginx -t <docker_username>/nginx:1`	To build the NGINX image integrated with the Utimaco HSM via PKCS#11 for SSL/TLS operations.
`docker images`	To list all Docker images available locally to verify that the sidecar and NGINX images were built successfully.
`docker push <docker_username>/utimaco-sidecar:1`	To push the Utimaco sidecar image to the Docker repository for use in the OpenShift cluster.
`docker push <docker_username>/nginx:1`	To push the custom NGINX image to the Docker repository for deployment in OpenShift.
`oc apply -f job-permissions.yaml`	To create the required Role, RoleBinding, and ServiceAccount to allow the key-generation job to create Secrets.
`oc get role,sa,rolebinding`	To verify that the Role, ServiceAccount, and RoleBinding objects were successfully created.
`oc apply -f utimaco-cm.yaml`	To apply the Utimaco ConfigMap, which contains the PKCS#11 and OpenSSL configuration files for the HSM integration.
`oc apply -f nginx-cm.yaml`	To apply the NGINX ConfigMap containing the HTTPS configuration that uses the PKCS#11 engine for key access.
`oc get cm`	To list all ConfigMaps in the namespace to verify that `utimaco-config` and `nginx-config` were created.
`oc apply -f key-generation-job.yaml`	To run the Key Generation Job that securely creates an RSA key pair inside the HSM and stores the certificate as a Secret.
`oc get jobs`	To verify the completion status of the key-generation job.
`oc apply -f deploy.yaml`	To deploy the SecurityServer application with NGINX configured to use the HSM via PKCS#11.
`oc get deployment`	To check the deployment status and ensure the pods are created successfully.
`oc get pods`	To view the list of running pods and verify that the NGINX pods are in the running state.
`oc get pods -o wide`	To get additional details about the running pods, such as IP addresses and assigned nodes.
`oc rsh securityserver-<pod>`	To open a remote shell session into a running NGINX pod.
`p11tool2 LoginUser=12345678 ListObjects`	To list all keys and objects stored inside the HSM using the PKCS#11 tool to verify key generation.
`openssl s_client -connect <pod_IP>:443`	To test SSL/TLS connectivity between pods to verify that the NGINX server is correctly using the HSM-backed certificate.
`oc scale deployment/securityserver --replicas=5`	To scale the number of NGINX pods (replicas) in the deployment.
`oc exec -it securityserver-<pod> -- cat /tmp/cs_pkcs11_R3.log`	To view PKCS#11 API logs generated inside the container.
`oc logs key-generator-job-<pod>`	To view the logs of the key-generation job to verify successful RSA key pair creation and Secret generation.

CLI Commands