EjbCA
 » 
EjbCA - Dev

 « Return to Thread: Using external key with ncipher HSM

Re: Using external key with ncipher HSM

by Tomas Gustavsson :: Rate this Message:

Reply to Author | View in Thread


Hi Leonardo,

Did you read the chapter in the User Guide at ejbca.org called
"Importing an existing CA or sub-CA to EJBCA"? It's under the
HSM->nCopher section. This text explains exactly how you can import
existing keys (stored on disc) to create a CA in EJBCA.
It also explains how you create the CA in EJBCA.

We have done this and it works, no options in JBoss. Since the keys are
imported into nCipher, it is simply just like any other CA with keys on
the nCipher HSM. There is no difference between this CA and a CA where
keys are generated inside the HSM (which is the recommended way for
security reasons of-course).

Regards,
Tomas
-----
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
info@... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf





Leonardo L. P. da Mata wrote:

> Hello,
>
> I'm developing the pki infrastructure for the Official Press of Minas
> Gerais Estate ,in  Brazil, and I'm having some problems on generating
> keys outside a HSM and importing then inside the HSM.
>
> The server is a Windows XP, and I'm using nCipher nShield HSM. I was
> able to import the keys using generatekey --import, the keys are
> listed using nfkminfo tool, but i don't know how to use these keys to
> create a new CA. Is it possible to use external keys to create new
> CAs?
>
> Is there any special change to use imported keys in the administration
> GUI? Do I need to set parameters when I start JBOSS to use external
> keys?
>
> Is there any other source of information different then ejbca.org?
>
> I'm using ejbca-3.7.1 and jboss-4.2.3-GA
>
> Thanks.
>
> BTW, we are planning to develop the tools as free-software.
>

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

 « Return to Thread: Using external key with ncipher HSM

Free embeddable forum powered by Nabble Forum Help