Referencing Keys in Nitrokey HSM 2 within Windows certificate management

I am trying to make a Windows Server 2019 installation use Nitrokey HSM2 as a backend for storing the secret keys.

The HSM2 is successfully set up and recognized by the OpenSC minidriver (I used the sc-hsm-minidriver-test.exe to verify, and only the tests after PIN entry failed, 7 in total. For the OpenSC pkcs11-tool, however, supplying the PIN works fine).

I could also import the certificate that was generated from a CSR created using SmartCardShell into the certificate management using the mmc certificate snap-in (Working with Certificates - WCF | Microsoft Learn).

However, it doesn’t find the private key reference for the certificate, as when I use CertUtil to list the certificates, I get “Certificate and private key were not found” for the imported certificate.

Any ideas on how I could make that work?

I have to add: whenever I run the sc-hsm-minidriver-test.exe it seems the PIN gets blocked.

I realized that the Windows certificate management doesn’t actually allow (or need to) reference the HSMs. Just use the pkcs11 tools to interact with the HSM and if you do not have the certificate imported in the HSM, you can use the default cryptographic provider of Windows to access the different cert stores.