[Pki-users] Dogtag with Thales HSM
Ade Lee
alee at redhat.com
Wed Feb 4 03:44:08 UTC 2015
On Tue, 2015-02-03 at 13:34 -0800, Christina Fu wrote:
> Javi,
>
> The documentation was for RHCS8.1, for which the installation wizard
> would find the right supported modules.
>
> For Dogtag, we have a ticket open for
> https://fedorahosted.org/pki/ticket/1200 make sure pkispawn works with
> hsm
>
> I never tried it myself with pkispawn, but I imagine you can try
> looking up all the parameters with the name "token" in it
> in /etc/pki/default.cfg, and create a custom cfg files that contain
> these parameters with the right token name.
> That is of course under the assumption that you have set up the HSM
> and the library with the secmod using modutil.
>
> Let us know what happens. You can also contribute by adding your
> findings in the ticket yourself and we will take that into account
> when the ticket is being worked on.
>
Incidentally, the ticket Christina references is supposed to be worked
on and fixed by the end of this month or shortly thereafter.
Ade
> Christina
>
> On 02/03/2015 09:15 AM, Javier Gallart wrote:
>
> > Hello
> >
> > we are trying to setup Dogtag 10.2.1 with a Nshield Solo as HSM. We
> > haven't found a specific guide for this apart from the RedHat
> > documentation:
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/using-tokens.html
> >
> >
> > The guide states: "The Certificate System supports the nCipher
> > netHSM hardware security module (HSM) by default".
> >
> >
> > Does that mean that pkispawn will detect the module and use it or
> > any manual intervention is required afterwards?
> >
> > Regards
> >
> > Javi
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list