Step 2: Create OCSP Keys in VA Hardware Appliance

Proceed as follows to create a crypto token and generate a key pair in the VA Hardware Appliance. OCSP uses this key to sign responses:

  1. Go to the EJBCA Admin Web and open CA Functions > Crypto Tokens.
  2. Click Create New.

  3. Specify the following and click Save:

    • Name: Enter OCSP key
    • Type: Select PKCS#11
    • Authentication Code: Enter foo123 (the previously set password).
      Ensure that you have manually generated a slot password for the slot.
    • Auto-activation: Enable this option
    • PKCS#11 Library: Select Internal HSM
    • PKCS#11 Reference Type: Select Slot ID
    • PKCS#11 Reference: Enter 3
      The index number depends on the installation.

    Figure: Crypto Token for OCSP
  4. The Settings page displays the message CryptoToken created successfully.
  5. To create the key for signing OCSP responses, specify signKey: RSA 2048 and click Generate new key pair.
  6. Click Test to test the key. If successful, the following message is displayed: signKey tested successfully.