Commit 8958431

nethsm: Update EJBCA documentation
1 parent 8e1d5c6 commit 8958431

1 file changed

+7
-25
lines changed

source/components/nethsm/ejbca.rst

Lines changed: 7 additions & 25 deletions
@@ -1,10 +1,8 @@
11
EJBCA
22
=====
33

4-
.. warning::
5-
Because of some integration problems with the Sun PKCS11 provider, keys generated from EJBCA will have a random name instead of the name given in the interface.
6-
Therefor this documentation is only a Proof-of-Concept. Support for EJBCA will be introduced by NetHSM software 3.0.
7-
4+
.. note::
5+
EJBCA requires at least NetHSM v3 and nethsm-pkcs11 v2.
86

97
`EJBCA <https://www.ejbca.org/>`__ is a PKI Certificate Authority software available as open source.
108
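Review bot: the new note (``EJBCA requires at least NetHSM v3 and nethsm-pkcs11 v2.``) replaces the warning about generated keys getting a random name, but it does not say whether that naming problem is resolved on these versions or what a reader on an older NetHSM or nethsm-pkcs11 should expect. Consider adding one sentence stating that key names given in the interface are honoured from these versions on, if that is the case. The removed text also wrote the version as "NetHSM software 3.0", so it is worth checking that "NetHSM v3" matches how versions are written elsewhere in the docs.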

@@ -16,34 +14,18 @@ Then configure EJBCA to use the NetHSM PKCS#11 module by adding an entry in the
1614
1715
cryptotoken.p11.lib.418.name=NetHSM
1816
cryptotoken.p11.lib.418.file=/usr/lib/nitrokey/libnethsm_pkcs11.so
17+
cryptotoken.p11.lib.418.canGenerateKey=true
1918
2019
2120
.. note::
2221
The ``418`` in the name is an index that must be unique for each PKCS#11 module in the configuration file.
2322

24-
To be able to generate keys from the interface you need to set the ``enable_set_attribute_value`` option to true in the ``p11nethsm.conf`` file.
25-
2623
After restarting EJBCA you can add a new Crypto Token in the EJBCA Admin GUI ``https://mycahostname/ejbca/adminweb/cryptotoken/cryptotokens.xhtml``.
2724
The Crypto Token type is ``PKCS#11 Crypto Token`` and the Crypto Token name is ``NetHSM``.
2825

2926

30-
Executing The Example
31-
---------------------
32-
33-
If you want to experiment with the given example you can use git to clone the `nethsm-pkcs11 repository <https://github.com/Nitrokey/nethsm-pkcs11>`__ and run the following commands:
34-
35-
1. Configure a NetHSM, either a real one or a container. Refer to chapter `Getting Started <getting-started.html>`__ to learn more.
36-
2. Change the libnethsm_pkcs11 configuration to match your NetHSM in ``container/ejbca/p11nethsm.conf``.
37-
3. Build the container.
38-
39-
.. code-block:: shell-session
40-
41-
docker build -f container/ejbca/Dockerfile . -t pkcs-ejbca
27+
Docker Example
28+
---------------
4229

43-
4. Run the container.
44-
45-
.. code-block:: shell-session
46-
47-
docker run --rm -it -p 9443:8443 -p 9080:8080 -h mycahostname -e TLS_SETUP_ENABLED="simple" pkcs-ejbca
48-
49-
The container will be available at `https://localhost:9443/ <https://localhost:9443/>`__.
30+
We provide an example setup using docker for testing.
31+
If you want to experiment with it you can use git to clone the `nethsm-pkcs11 repository <https://github.com/Nitrokey/nethsm-pkcs11>`__ and then follow the steps described in the `container/ejbca/README.md <https://github.com/Nitrokey/nethsm-pkcs11/blob/main/container/ejbca/README.md>`__ file.
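Review bot: the added ``cryptotoken.p11.lib.418.canGenerateKey=true`` line has no explanation, and the paragraph about setting ``enable_set_attribute_value`` in ``p11nethsm.conf`` is dropped in the same hunk, so a reader cannot tell what now enables key generation from the interface or whether the old option should be removed from an existing configuration. Please add a sentence after the properties block saying what ``canGenerateKey`` does and whether ``enable_set_attribute_value`` is still needed. Two smaller points in the new "Docker Example" section: "docker" in the prose should be capitalised as "Docker", and the README link points at ``blob/main``, so the steps can change or move without this page noticing; a short statement of what the example starts (the removed text named the published ports and ``https://localhost:9443/``) would keep the page useful if the link breaks.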
