What are the steps to integrate DogTag (Root) CA with an
HSM? Does this have to occur during installation?
I've successfully
performed a general installation with CA keys in software. I
was then able to modify secmod.db to add the HSM library and
restart the system. I can both use command line utilities
(certutil) and GUI (pkiconsole) to create keys on the HSM.
Re-keying the caSigning certificate works but the CA
certificate is issued (issuer) by the original software-based
issuer (therefore NOT a self-signed CA cert!). So I assume
this has to be done during initial installation (custom
install). But, how do I get the HSM PKCS#11 library
added/included with the custom install?