Re: [Pki-users] connect dogtag to a existing Key in a luna HSM ?

I use modutil to add crypto modules to the nss dbs like this: shut down server # cd <dogtag instance dir>/alias # modutil -certdb . -nocertdb -add lunasa -libfile /usr/lunasa/lib/libCryptoki2.so then you can list it: # modutil -dbdir . -list to test see the cert before you config more on the server, use certutil like this: # certutil -d . -L -n "<nickname of your cert>"

Once you are sure it's hooked up correctly, modify your config with right token name, nickname etc. I think the rest should be on migration or admin guide you can search. Then you need to reissue your other system certs by using this CA's signing cert. Hope this helps. Christina On 11/10/2010 02:02 AM, Alexander Jung wrote: > Hello, > > we have a Microsoft CA that we'd like to migrate to a dogtag instance. > > We built a few tools to import all the requests and certificates from > the Microsoft CA into a LDAP-Server used by the dogtag - this works so > far. > > The CA key for the Microsoft CA has been generated in a Safenet Luna > K3 HSM and cannot be extracted from there, so we'll have to connect > the dogtag to this key in our HSM. > > How can we do that ? > > Mit freundlichen Grüßen, > > Alexander Jung > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users