On 11/10/2010 09:14 AM, Christina Fu wrote:
I use modutil to add crypto modules to the nss dbs like this:

Shut down the server.
# cd <dogtag instance dir>/alias
# modutil -dbdir . -nocertdb -add lunasa -libfile /usr/lunasa/lib/libCryptoki2.so
Then you can list it:
# modutil -dbdir . -list

To test that you can see the cert before you configure more on the server, use certutil like this:
# certutil -d . -L -n "<nickname of your cert>"

Correction: you need -h for certutil to access the token:
# certutil -d . -h <token name> -L -n "<nickname of your cert>"


Once you are sure it's hooked up correctly, modify your config with the right token name, nickname, etc.
I think the rest should be in the migration or admin guide, which you can search.
Then you need to reissue your other system certs by using this CA's signing cert.

Hope this helps.
Christina

On 11/10/2010 02:02 AM, Alexander Jung wrote:
Hello,

we have a Microsoft CA that we'd like to migrate to a dogtag instance.

We built a few tools to import all the requests and certificates from
the Microsoft CA into an LDAP server used by the dogtag - this works so
far.

The CA key for the Microsoft CA has been generated in a Safenet Luna
K3 HSM and cannot be extracted from there, so we'll have to connect
the dogtag to this key in our HSM.

How can we do that?

Kind regards,

Alexander Jung

_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
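
The module check described in the reply above (list the module, then query the token with certutil -h) can be scripted so the token name is taken from the listing instead of typed by hand. This is an added example, not part of the original thread: the listing is constructed, the slot and token names are placeholders, and the function names are hypothetical.

```shell
# Constructed sample: follows the layout `modutil -dbdir . -list` prints;
# the Luna slot and token names are placeholders.
sample_listing() {
cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services

     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB

  2. lunasa
    library name: /usr/lunasa/lib/libCryptoki2.so
     slots: 1 slot attached
    status: loaded

     slot: example-slot
    token: example-partition
-----------------------------------------------------------
EOF
}
# module_field NAME FIELD: print each FIELD value ("library name", "status",
# "token") found inside module NAME in the listing on stdin.
module_field() {
  awk -v want="$1" -v field="$2" '
    /^[ \t]*[0-9]+\. / {   # "  2. lunasa" opens a module entry
      name = $0; sub(/^[ \t]*[0-9]+\.[ \t]*/, "", name); sub(/[ \t]+$/, "", name)
      in_mod = (name == want); next
    }
    in_mod { line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, field ":") == 1) { sub(/^[^:]*:[ \t]*/, "", line); print line } }'
}
# check_module NAME LIBFILE: fail unless NAME is loaded from LIBFILE, then
# print the certutil check for each token that module exposes.
check_module() {
  listing=$(cat)
  lib=$(printf '%s\n' "$listing" | module_field "$1" "library name")
  status=$(printf '%s\n' "$listing" | module_field "$1" "status")
  [ "$lib" = "$2" ] || { echo "$1: library is '$lib', expected '$2'" >&2; return 1; }
  [ "$status" = "loaded" ] || { echo "$1: status is '$status'" >&2; return 1; }
  printf '%s\n' "$listing" | module_field "$1" "token" |
    while IFS= read -r tok; do printf 'certutil -d . -h "%s" -L -n "<nickname of your cert>"\n' "$tok"; done
}
sample_listing | check_module lunasa /usr/lunasa/lib/libCryptoki2.so
```

Against a real instance, replace `sample_listing` with `modutil -dbdir . -list` run from the alias directory.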
  

