I am currently unable to create a CSR using OpenSSL 1.1.d.
I copied opensc-pkcs11.dll to C:\windows\system32, as paths with blanks do not work on OpenSSL.
Then I got the pkcs11.dll. Copied this and libp11.dll and opensc-pkcs11.dll to a directory (without blanks in the name, as this will not work with OpenSSL).
Another way to generate a CSR is to use XCA or the Smart Card Shell.
In the Smart Card Shell you generate a key and select “Generate PKCS#10 Request” from the context menu attached to the public key. When you receive the certificate, you can import it with “Import certificate”.
Hi,
these articles here in the forum were really helpful!
We managed to successfully sign our application with the HSM2 using https://github.com/chris2511/xca version 2.3.0 for the CSR creation. We used the guide on the OpenSC wiki https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM to know what to do with pkcs11-tool.exe and sc-hsm-tool.exe. We used OpenSC in version 0.20.0 https://github.com/OpenSC/OpenSC/releases. signtool.exe we got from here: https://developer.microsoft.com/de-de/windows/downloads/windows-10-sdk/.
We first wanted to use OpenSSL on Windows to create the CSR, but this ends up in PKCS#11 engine trouble if you use precompiled OpenSSL binaries. It is much easier to use XCA. To sign the application successfully we needed to import the certificate using the mmc. For signtool.exe you should add /fd sha256, otherwise it will only use SHA-1 for signing your binary.
Thanks, the information on this forum saved us so much time.