9.2. Using ECC with an HSM

PDF

The HSMs supported by Certificate System support their own native ECC modules. To create an instance with ECC system certificates:

Set up the HSM per manufacturer's instructions. If multiple hosts are sharing the HSM, make sure they can all access the same partition if needed and if the site policies allow it.
Define the required parameters in the pkispawn utility configuration file and run pkispawn. For example, to configure Certificate System to create an ECC CA, assuming the configuration file is ecc.inf:
1. Edit ecc.inf to specify the appropriate settings. For an example of the configuration file, see the pkispawn(8) man page.
2. Run pkispawn against ecc.inf:
```
$ script -c 'pkispawn -s CA -f /root/pki/ecc.inf -vvv'
```

Github

Youtube

Twitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.