Create CryptoToken in SignServer
If you have already performed these steps before creating the keys with the clientToolBox, restart SignServer using the command "service wildfly restart".
If you are creating the crypto token for the first time, proceed with the following steps:
- Log in to SignServer as Superadmin.
- Select Add under All Workers.
- Select "From Template".
- Select the "cloudHSM-pkcs11.properties" template and click Next.
- Specify the values as follows (changing the values in bold as required):
- WORKER3.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
- WORKER3.NAME=CryptoTokenP11
- WORKER3.PIN=CryptoUser:CUPassword123!
- WORKER3.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
- WORKER3.DEFAULTKEY=testKey0001
- WORKER3.SLOTLABELVALUE=1
- WORKER3.TYPE=CRYPTO_WORKER
- WORKER3.SHAREDLIBRARYNAME=AWSCloudHSM
- WORKER3.SLOTLABELTYPE=SLOT_NUMBER
- Click Apply.
- The worker will then come back as active.
- To see what keys are active in the crypto token that SignServer can see, select the CryptoTokenP11 worker.
- Select the Crypto Token link
- The keys will be displayed inside the Crypto Token.
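A pre-apply check for the worker properties listed in the steps above, as an added example (not SignServer or Keyfactor code). The function names are hypothetical, and the `<crypto user>:<password>` PIN form is an assumption inferred from the value shown on this page.

```python
import re

# Property names from the step above, without the WORKER<n>. prefix.
REQUIRED = {"IMPLEMENTATION_CLASS", "NAME", "PIN", "CRYPTOTOKEN_IMPLEMENTATION_CLASS",
            "DEFAULTKEY", "SLOTLABELVALUE", "TYPE", "SHAREDLIBRARYNAME", "SLOTLABELTYPE"}
DOC_SAMPLE_PASSWORD = "CUPassword123!"  # the example password printed on this page

# The values exactly as listed on this page (sample password left unchanged).
PAGE_VALUES = """\
WORKER3.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
WORKER3.NAME=CryptoTokenP11
WORKER3.PIN=CryptoUser:CUPassword123!
WORKER3.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
WORKER3.DEFAULTKEY=testKey0001
WORKER3.SLOTLABELVALUE=1
WORKER3.TYPE=CRYPTO_WORKER
WORKER3.SHAREDLIBRARYNAME=AWSCloudHSM
WORKER3.SLOTLABELTYPE=SLOT_NUMBER
"""

def parse_worker_properties(text):
    """Return (worker prefixes seen, {property: value}) from KEY=VALUE lines."""
    prefixes, props = set(), {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(WORKER\d+)\.(\w+)\s*=\s*(.*?)\s*", line)
        if m:  # comments, blanks and non-worker lines are skipped
            prefixes.add(m.group(1))
            props[m.group(2)] = m.group(3)
    return prefixes, props

def lint_crypto_worker(text):
    """Return a list of findings; an empty list means every check passed."""
    prefixes, props = parse_worker_properties(text)
    findings = [] if len(prefixes) == 1 else [
        f"expected one WORKER<n> prefix, found {sorted(prefixes)}"]
    for key in sorted(REQUIRED - props.keys()):
        findings.append(f"missing property {key}")
    user, sep, password = props.get("PIN", "").partition(":")
    if "PIN" in props and not (user and sep and password):
        findings.append("PIN is not in <crypto user>:<password> form")
    elif password == DOC_SAMPLE_PASSWORD:
        findings.append("PIN still uses the documentation's sample password")
    if props.get("SLOTLABELTYPE") == "SLOT_NUMBER" and not props.get("SLOTLABELVALUE", "").isdigit():
        findings.append("SLOTLABELVALUE must be a number when SLOTLABELTYPE=SLOT_NUMBER")
    return findings

if __name__ == "__main__":
    for finding in lint_crypto_worker(PAGE_VALUES):
        print("FINDING:", finding)
```

Run against the page's values unchanged, it reports only that the sample password is still in place.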