The Utimaco ConfigMap defines all configuration parameters required for the Utimaco PKCS#11 client and OpenSSL to communicate with the Utimaco Hardware Security Module (HSM). It includes the cs_pkcs11_R3.cfg file, which specifies the HSM connection details (such as IP, port, timeout, and session settings) and the openssl.cnf file, which instructs OpenSSL to load the Utimaco PKCS#11 engine so that cryptographic operations are securely performed inside the HSM.
- Create a file named utimaco-cm.yaml in the path /home/admin/hsm-build/.
- Paste the contents provided below and save the file.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: utimaco-config
data:
  cs_pkcs11_R3.cfg: |
    [Global]
    Logging = 1
    Logpath = /var/log/utimaco
    Logsize = 10mb
    SlotMultiSession = true
    SlotLoginRestriction = true
    SlotCount = 10
    KeepLeadZeros = false
    FallbackInterval = 0
    KeepAlive = true
    ConnectionTimeout = 5000
    CommandTimeout = 60000
    KeysExternal = false

    [HSMCluster]
    # Point this to your SecurityServer simulator IP & port
    Devices = 3001@172.31.1.62
  openssl.cnf: |
    openssl_conf = openssl_init

    [openssl_init]
    engines = engine_section

    [engine_section]
    pkcs11 = pkcs11_section

    [pkcs11_section]
    engine_id = pkcs11
    dynamic_path = /usr/lib64/engines-3/pkcs11.so
    MODULE_PATH = /opt/utimaco/lib/libcs_pkcs11_R3.so
    PIN = 12345678
    init = 0
```
Before applying the ConfigMap, update the configuration values to match your environment:
- Devices = 3001@172.31.1.62 → Replace with your actual HSM or simulator IP address and port.
- PIN = 12345678 → Replace with your Crypto User PIN.
- init = 0 → Represents the slot number (default is 0). Modify if your environment uses a different slot.
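A pre-apply check for the edits listed above, added here as an example and not part of the original guide: it reads utimaco-cm.yaml on standard input and fails if Devices or PIN still hold the guide's sample values. The function names and the rule that Devices is a single `<port>@<host>` entry (the form the sample uses) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): pre-apply lint for utimaco-cm.yaml.
# Usage: check_utimaco_cm < /home/admin/hsm-build/utimaco-cm.yaml

# Print the trimmed value of the first "Key = value" line found in text $2.
cfg_value() {
  printf '%s\n' "$2" |
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
    sed -e 's/[[:space:]]*$//' -e 1q
}

# Returns 0 when the file looks ready to apply, 1 otherwise.
# One finding per line is written to stderr.
check_utimaco_cm() {
  content=$(cat) rc=0
  devices=$(cfg_value Devices "$content")
  pin=$(cfg_value PIN "$content")

  # Assumption: a single device written as <port>@<host>, as in the sample.
  if ! printf '%s\n' "$devices" | grep -Eq '^[0-9]{1,5}@[A-Za-z0-9.-]+$'; then
    echo "Devices: expected <port>@<host>, got '$devices'" >&2; rc=1
  elif [ "$devices" = "3001@172.31.1.62" ]; then
    echo "Devices: still the sample address from the guide" >&2; rc=1
  fi

  # The PIN must be present and must not be the guide's sample PIN.
  if [ -z "$pin" ]; then
    echo "PIN: missing from [pkcs11_section]" >&2; rc=1
  elif [ "$pin" = "12345678" ]; then
    echo "PIN: still the sample PIN from the guide" >&2; rc=1
  fi
  return "$rc"
}
```

ConfigMap data is stored unencrypted, so anyone who can read the utimaco-config object can read the Crypto User PIN.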
- Apply the ConfigMap.
Apply Utimaco ConfigMap