How to generate certificate after private key generation in NitroKey HSM?

@sc-hsm @saper Thanks for your help already, Now need the help on the following :slight_smile:

Generated a private key inside NitroyKey HSM

pkcs11-tool --module /usr/local/lib/ -l --pin 648219 --keypairgen --key-type EC:prime256v1 --id 10

After this - How I can generate a pem format certificate? (May you please provide some steps e.g. how it can be achieved via opensc ?)

consider the case the private key got generated inside the HSM, that is Root Certificate Authority’s private key, means that supposed to be used by RCA, My Os is MacOS.

Here are some docs Creating a Certificate Authority — Nitrokey Documentation (this is using openssl but you should get the idea how it works).

This is also good

All right @saper , I will look into and get back here

1 Like

I’d suggest to use XCA or try the new TrustCenter function in the PKI-as-a-Service portal.

The later allows you to use things like key domains and public key authentication to protect your key material . It also provides for typical CA processes, like role based request processing (e.g. RA officer approves request, CA officer issues certificate).

All right I will look into that as well