Ejbca & Hardware Security Module

Asked Jun 13 '18 at 05:33

Active Jun 13 '18 at 05:33

Viewed 203 times

I'm using Ejbca as Certification Authority management system. The private keys and public keys store in HSM furthermore a self-signed certificate stores in hsm while storing the private key and public key

I want to know how to store the CA certificate instead of that self-signed certificate or manually import CA certificate to hsm

any advice is appreciated

I'm using Ejbca 6.0.4 and the hsm is SafeNet Protect Server

asked Jun 13 '18 at 05:33

mohammad pakivand

Whose Key Pair are you referring to? The users or a CA's or a Sub CA's? – always_a_rookie Jun 13 '18 at 13:43
CA's Key Pair I'm referring – mohammad pakivand Jun 13 '18 at 20:05
A CA's Key Pair is always self-signed. If want to store a signed certificate with the private key, then it is a Sub CA, not a CA. This is the hierarchy of a certificate chain: -- CA (self-signed) -- Sub CA (signed by CA) -- Another Sub CA (signed by the above Sub CA) -- Leaf certificate (signed by the above Sub CA). – always_a_rookie Jun 13 '18 at 20:24
but my subCA's also have self-signed certificate in hsm – mohammad pakivand Jun 13 '18 at 20:34
A SubCA cannot be self-signed. It should be signed by the CA. Are you sure it is configured right? – always_a_rookie Jun 15 '18 at 15:37
A SubCA cannot be self-signed. It should be signed by the CA. Are you sure it is configured right? – always_a_rookie Jun 15 '18 at 15:38

Ejbca & Hardware Security Module

0 Answers0