The Installation and User's Guide describes how the HSM is installed and how how PKCS#11 tokens are created and how a backup of a token is done. But it might be helpful to mention some additional things:
- A virtual HSM correspond to a PKCS#11 token.
- The number of the virtual HSM corresponds to the PKCS#11 slot ID of the token.
- The PKCS#11 user PIN is the PKCS#11 application authentication in the Personalizing a virtual HSM step.
- If CIK startup mode is selected for the virtual HSM personalization you must start the HSM manually before EJBCA can use it.
- Make sure that backup-restore work before taken the HSM in production since the first versions did not backup the certificate of a key which is needed by the java wrapper.