We would like to use the Nitrokey HSM 2 for TLS authentication on the server side, which is developed in Java. The server currently has the ability to have multiple authority certificates stored in a PKCS12 truststore. These certificates can sign multiple “server” (served according to Client Hello SNI) and “client” certificates. “Server” certificates are stored in a PKCS12 keystore. We want to replace the PKCS12 with the use of a smartcard (PKCS11 with Nitrokey HSM 2, for example).
Is it possible to use Nitrokey for the management of TLS authentication and encryption?
How many X.509 certificates with their associated private key can we store (like the entries of a PKCS12 truststore / keystore)?