How to generate certificate after private key generation in NitroKey HSM?

@sc-hsm @saper Thanks for your help already. Now I need help with the following :slight_smile:

I generated a private key inside the NitroKey HSM:

pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l --pin 648219 --keypairgen --key-type EC:prime256v1 --id 10

After this, how can I generate a PEM-format certificate? (Could you please provide some steps, e.g. how it can be achieved via OpenSC?)

Consider the case where the private key was generated inside the HSM and is the Root Certificate Authority's private key, meaning it is supposed to be used by the RCA. My OS is macOS.

Here are some docs: Creating a Certificate Authority — Nitrokey Documentation (this uses openssl, but you should get the idea of how it works).

This is also good:

https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html#Using_the_keys
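
An added example, not part of the thread or the linked docs: one way to turn the key created above with `--id 10` into a self-signed PEM root certificate with OpenSSL and then check the result. It assumes the libp11 `pkcs11` engine is installed and configured to load `opensc-pkcs11.so`; the subject name, lifetime and file names are placeholders. OpenSSL prompts for the PIN, so it does not have to appear on the command line.

```shell
#!/bin/sh
# Added example: self-signed root CA certificate for the HSM key with --id 10.
# Assumptions: libp11 "pkcs11" engine configured for opensc-pkcs11.so;
# subject, lifetime and file names below are placeholders.

# pkcs11-tool takes --id as hex, so "10" is the CKA_ID byte 0x10 (%10 in the URI).
KEY_URI='pkcs11:id=%10;type=private'

write_root_ca_conf() {  # $1 = path of the OpenSSL config to create
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = Example Root CA

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

issue_root_cert() {  # $1 = config, $2 = output PEM; signing happens on the HSM
    openssl req -new -x509 -engine pkcs11 -keyform engine \
        -key "$KEY_URI" -sha256 -days 3650 \
        -config "$1" -out "$2"
}

check_root_cert() {  # $1 = PEM; succeeds only if marked CA and self-issued
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' &&
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Run as: ./root-ca.sh issue   (needs the HSM plugged in)
if [ "${1:-}" = "issue" ]; then
    write_root_ca_conf root-ca.cnf &&
    issue_root_cert root-ca.cnf root-ca.pem &&
    check_root_cert root-ca.pem && echo "root-ca.pem written"
fi
```
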

All right @saper, I will look into it and get back here.


I’d suggest using XCA or trying the new TrustCenter function in the PKI-as-a-Service portal.

The latter allows you to use things like key domains and public key authentication to protect your key material. It also provides for typical CA processes, like role-based request processing (e.g. RA officer approves request, CA officer issues certificate).

All right, I will look into that as well.