Create CloudHSM Crypto Token for Root CA

The following describes how to create a CloudHSM Crypto Token for the Root CA:

  1. Under CA Functions, select Crypto Tokens, and then click Create new.
  2. On the New Crypto Token page, enter the following:
    1. Name
    2. Specify the values as follows:
      • Name: <anything> (Name for the Root CA CloudHSM Crypto Token, for example, "Corporate Root CA CloudHSM Crypto Token"). Note that this is the name of the token, not the CA name.
      • Type: PKCS#11
      • Authentication Code: <HSM_CryptoUser>:<password> (for example, CryptoUser:CUPassword123!)
      • AutoActivation: Clear.
      • Use Explicit ECC parameters: Clear.
      • PKCS#11: Library: AWS CloudHSM
      • PKCS#11: Reference Type: Slot ID
      • PKCS#11: Reference: 1
      • PKCS#11: Attribute Type: Default
  3. Click Save.
  4. On the Crypto Token: <Name> page, confirm that the message "CryptoToken created successfully" is shown at the top and that the three key pairs within the Crypto Token are displayed:
    • defaultKey: Used for everything other than signing or testing.
    • signKey: Used for certificate signing.
    • testKey: Used for health check testing of the CA.