Primekey EJBCA
CORE can be used to provide enhanced key protection to Primekey EJBCA, acting as a virtual HSM (Hardware Security Module, a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing). See EJBCA Documentation.
To integrate the CORE client with EJBCA, perform the following steps:
- Install and configure the CORE client on the EJBCA machine.
- In the CORE server create a partition to store the EJBCA key material.
- Register the EJBCA machine as the partition's client.
- Integrate CORE in EJBCA
Integrate CORE in EJBCA
To configure CORE as one of the PKCS#11 (Public-Key Cryptography Standards, industry-standard cryptography specifications) modules on the EJBCA machine:
- Locate the CORE PKCS#11 software file libekmpkcs11.so. For example: /usr/lib64/libekmpkcs11.so.
- Locate the EJBCA configuration file web.properties. For example: /etc/ejbca/conf/web.properties.
- In the web.properties file, locate the list of PKCS#11 CryptoToken libraries.
- Uncomment an entry in the list and add the CORE PKCS#11 library and its displayed name:
Note: For the platform-dependent location of libekmpkcs11.so, see Path to PKCS#11 Library.
# Available PKCS#11 CryptoToken libraries and their display names
#cryptotoken.p11.lib.10.name=*********************
#cryptotoken.p11.lib.10.file=**********************
cryptotoken.p11.lib.XX.name=Unbound UKC.
cryptotoken.p11.lib.XX.file=/usr/lib64/libekmpkcs11.so
For example:
# Available PKCS#11 CryptoToken libraries and their display names
cryptotoken.p11.lib.10.name=Unbound Tech.
cryptotoken.p11.lib.10.file=/usr/lib64/libekmpkcs11.so
#cryptotoken.p11.lib.11.name=*********************
#cryptotoken.p11.lib.11.file=**********************
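A check for the edited web.properties, as an added example that is not part of the CORE or EJBCA documentation: it verifies that every active cryptotoken.p11.lib entry has both a name and a file, and that the library the CA process will load exists and cannot be replaced by other users. The function name check_p11_entries is hypothetical, and the check assumes that XX in the listing above is a placeholder for a numeric index.

```python
import os
import re
import stat

# Matches active (uncommented) entries such as cryptotoken.p11.lib.10.file=/path
ENTRY = re.compile(r"^\s*cryptotoken\.p11\.lib\.([^.\s]+)\.(name|file)\s*=\s*(.*?)\s*$")


def check_p11_entries(properties_text):
    """Return a list of findings for the active cryptotoken.p11.lib.* entries."""
    entries, findings = {}, []
    for line in properties_text.splitlines():
        m = ENTRY.match(line)  # lines starting with '#' never match
        if not m:
            continue
        index, key, value = m.groups()
        if key in entries.setdefault(index, {}):
            findings.append(f"lib.{index}: duplicate active '{key}' entry")
        entries[index][key] = value
    for index, pair in entries.items():
        # Assumption: the index must be a number; 'XX' is the page's placeholder.
        if not index.isdigit():
            findings.append(f"lib.{index}: index is not numeric (placeholder left in?)")
        for key in ("name", "file"):
            if not pair.get(key):
                findings.append(f"lib.{index}: missing or empty '{key}'")
        path = pair.get("file")
        if not path:
            continue
        if not os.path.isabs(path):
            findings.append(f"lib.{index}: library path is not absolute: {path}")
        try:
            mode = os.stat(path).st_mode
        except OSError:
            findings.append(f"lib.{index}: library not found: {path}")
            continue
        if not stat.S_ISREG(mode):
            findings.append(f"lib.{index}: not a regular file: {path}")
        # The CA process loads this library, so only its owner may be able to replace it.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"lib.{index}: group/world-writable library: {path}")
    return findings


if __name__ == "__main__":
    # Path taken from the page's example; adjust for your installation.
    with open("/etc/ejbca/conf/web.properties", encoding="utf-8") as fh:
        for finding in check_p11_entries(fh.read()):
            print(finding)
```

An empty result means each active entry is complete and points at a library with safe permissions; it does not confirm that EJBCA can open a session on the CORE partition.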