[Pki-users] Dogtag with Thales HSM

Ade Lee alee at redhat.com
Wed Feb 4 03:44:08 UTC 2015 

On Tue, 2015-02-03 at 13:34 -0800, Christina Fu wrote:
> Javi,
> 
> The documentation was for RHCS8.1, for which the installation wizard
> would find the right supported modules.
> 
> For Dogtag, we have a ticket open for
> https://fedorahosted.org/pki/ticket/1200 make sure pkispawn works with
> hsm
> 
> I never tried it myself with pkispawn, but I imagine you can try
> looking up all the parameters with the name "token" in it
> in /etc/pki/default.cfg, and create a custom cfg files that contain
> these parameters with the right token name.
> That is of course under the assumption that you have set up the HSM
> and the library with the secmod using modutil.
> 
> Let us know what happens.  You can also contribute by adding your
> findings in the ticket yourself and we will take that into account
> when the ticket is being worked on.
> 

Incidentally, the ticket Christina references is supposed to be worked
on and fixed by the end of this month or shortly thereafter.

Ade

> Christina
> 
> On 02/03/2015 09:15 AM, Javier Gallart wrote:
> 
> > Hello
> > 
> > we are trying to setup Dogtag 10.2.1 with a Nshield Solo as HSM. We
> > haven't found a specific guide for this apart from the RedHat
> > documentation:
> > 
> > https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/using-tokens.html
> > 
> > 
> > The guide states: "The Certificate System supports the nCipher
> > netHSM hardware security module (HSM) by default".
> > 
> > 
> > Does that mean that pkispawn will detect the module and use it or
> > any manual intervention is required afterwards?
> > 
> > Regards
> > 
> > Javi
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list