What are the steps to integrate DogTag (Root) CA with an HSM?  Does this have to occur during installation?

I've successfully performed a general installation with CA keys in software.  I was then able to modify secmod.db to add the HSM library and restart the system.  I can both use command line utilities (certutil) and GUI (pkiconsole) to create keys on the HSM.  Re-keying the caSigning certificate works but the CA certificate is issued (issuer) by the original software-based issuer (therefore NOT a self-signed CA cert!).  So I assume this has to be done during initial installation (custom install).  But, how do I get the HSM PKCS#11 library added/included with the custom install?

 

-----------------------------------------------------------
Dennis Gnatowski
dgnatowski@yahoo.com