If you have already performed these steps before creating the keys with the clientToolBox, restart SignServer using the command "service wildfly restart".

If you are creating the crypto token for the first time, proceed with the following steps:

  1. Login to SignServer as Superadmin.

  2. Select Add under All Workers:


  3. Select "From Template"
  4. Select the "cloudHSM-pkcs11.properties" template and click Next
  5. Specify the values as follows (Changing the values in bold as required):

    • WORKER3.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
    • WORKER3.NAME=CryptoTokenP11
    • WORKER3.PIN=CryptoUser:CUPassword123!
    • WORKER3.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
    • WORKER3.DEFAULTKEY=testKey0001
    • WORKER3.SLOTLABELVALUE=1
    • WORKER3.TYPE=CRYPTO_WORKER
    • WORKER3.SHAREDLIBRARYNAME=AWSCloudHSM
    • WORKER3.SLOTLABELTYPE=SLOT_NUMBER


  6. Click Apply.
  7. The worker will then come back as active.


  8. To see what keys are active in the crypto token that SignServer can see, select the CryptoTokenP11 worker.

  9. Select the Crypto Token link
  10. The keys will be displayed inside the Crypto Token.