What are the steps to integrate DogTag (Root) CA with an HSM? Does this have to occur during installation?
I've successfully performed a general installation with CA keys in software. I was then able to modify secmod.db to add the HSM library and restart the system. I can both use command line utilities (certutil) and GUI (pkiconsole) to create keys on the HSM. Re-keying the caSigning certificate works but the CA certificate is issued (issuer) by the original software-based issuer (therefore NOT a
self-signed CA cert!). So I assume this has to be done during initial installation (custom install). But, how do I get the HSM PKCS#11 library added/included with the custom install?
-----------------------------------------------------------
Dennis Gnatowski
dgnatowski@yahoo.com