Replies: 1 comment 2 replies
-
|
Yes you can use existing keys. And specifically for keys related to the Java pkcs11 provider here: With an example (generating the needed certificate object) here: https://docs.keyfactor.com/ejbca/latest/migrating-rsa-keon-ca-with-ncipher Or here (cmu selfSign): |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @primetomas does this apply to Community Edition? My experience with my ejbca-ce deployment is that UI and CLI tooling for working with the HSMs included with CE don't support registering existing keys in the HSM. My installation works great with the HSM as long as I'm creating a key in a crypto token linked to an existing partition. I'm unable to reference existing keys in the partition in my crypto token however. |
Beta Was this translation helpful? Give feedback.
-
|
Yes it does work, and the documentation explains everything in detail. Of course, there is also Enterprise and professional services available if you need help. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I've integrated EJBCA-CE 9.1.1 with Thales CloudHSM service successfully (can create crypto tokens using pkcs11 driver, can create new keys/delete created keys and use newly created keys with a CA to issue certificates, following this guide https://docs.keyfactor.com/ejbca/latest/thales-dpod.) However, I have previously been using openssl ca mode with other keys in the HSM that I would like to start using with EJBCA-CE. I don't see an option to reference existing keys when creating a hardware crypto token in UI or via ejbca.sh script. This doesn't appear to be captured in the docs; is the ability to use existing HSM keys not available with CE?
Thanks,
Walter
Beta Was this translation helpful? Give feedback.
All reactions