To areate a Root CA that uses the CloudHSM Crypto Token, do the following:
- Go to the EJBCA Admin Web and select Certification Authorities.
- Under the Add CA field, enter a name for the Root CA, for example "Corporate Root CA - G1", and then click Create.
- Under Crypto Token select the Corporate Root CA CloudHSM Crypto Token Crypto Token. If you named the keys correctly, they should all populate automatically for the proper usages.
- Under Certificate Profile select Corporate Root CA Certificate Profile.
- Set the Validity to 25y (or the life you would like this CA to have).
- Clear LDAP DN order.
- Click Create.