The patch was applied and successfully tested on a VM containing
an nCipher nethsm:
# cat /etc/group | grep nfast
nfast:x:995:
# pkispawn -s CA -f /root/mlh/pki-master-mlh.inf -vvv
# cat /etc/group | grep nfast
nfast:x:995:pkiuser
# cd /var/lib/pki/pki-master-mlh/alias
# modutil -dbdir . -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. nfast
library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
slots: 2 slots attached
status: loaded
slot: 061C-37A2-3CB3 Rt1
token: accelerator
slot: 061C-37A2-3CB3 Rt1 slot 0
token: NHSM6000
-----------------------------------------------------------
# certutil -d . -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
casigningcert-MLH CT,C,C
caauditsigningcert-MLH ,,P
# certutil -d . -h NHSM6000 -f /root/mlh/hsm_password -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
NHSM6000:casigningcert-MLH CTu,Cu,Cu
NHSM6000:caocspsigningcert-MLH u,u,u
NHSM6000:Server-Cert cert-pki-RootCA-MLH u,u,u
NHSM6000:casubsystemcert-MLH u,u,u
NHSM6000:caauditsigningcert-MLH u,u,Pu