Create CloudHSM Crypto Token for Root CA

The following describes how to create a CloudHSM Crypto Token for the Root CA:

1. Under CA Functions, select Crypto Tokens, and then click Create new.
2. On the New Crypto Token page, enter the following:
   1. Name: 
   2. Specify the values as follows:
      
      • Name: <anything> (Name for the Root CA CloudHSM Crypto Token, for example, "Corporate Root CA CloudHSM Crypto Token". Note that this is not the CA name but the name of the token.
      • Type: PKCS#11
      • Authentication Code: <HSM_CryptoUser>:<password> (ex. CryptoUser:CUPassword123!)
      • AutoActivation: Clear.
      • Use Explicit ECC parameters: Clear.
      • PKCS#11: Library: AWS CloudHSM
      • PKCS#11: Reference Type: Slot ID
      • PKCS#11: Reference: 1
      • PKCS#11: Attribute Type: Default
      
3. Click Save.
4. On the Crypto Token: <Name> page, confirm that the three key pairs within the Crypto Token display and the information CryptoToken created successfully shown at the top:
   • defaultKey: Used for everything not signing or test.
   • signKey: Used for cert signing.
   • testKey: Used for testing health check for CA.