-
Notifications
You must be signed in to change notification settings - Fork 138
YubiHSM
Endi S. Dewata edited this page Sep 28, 2023
·
11 revisions
$ dnf install yubihsm-connector yubihsm-shell
The configuration is located at /etc/yubihsm-connector.yaml
:
# Certificate (X.509) #cert: "" # # Certificate key #key: "" # # Listening address. Defaults to "127.0.0.1:12345". #listen: "127.0.0.1:12345" # # Device serial in case of multiple devices #serial: "" # # Log to syslog/eventlog. Defaults to "false". #syslog: "false"
$ systemctl start yubihsm-connector
$ yubihsm-shell yubihsm>
Prepare an NSS database. For example, the following command will create an NSS database in $HOME/.dogtag/nssdb
:
$ pki nss-create --force
To install YubiHSM module:
$ export YUBIHSM_PKCS11_CONF=$HOME/.dogtag/nssdb/yubihsm_pkcs11.conf $ echo "connector = http://127.0.0.1:12345" > $YUBIHSM_PKCS11_CONF $ modutil -dbdir $HOME/.dogtag/nssdb -nocertdb -add yubihsm2 -libfile /usr/lib64/pkcs11/yubihsm_pkcs11.so -force
To verify the module:
$ modutil -dbdir $HOME/.dogtag/nssdb -list ... 2. yubihsm2 library name: /usr/lib64/pkcs11/yubihsm_pkcs11.so uri: pkcs11:library-manufacturer=Yubico%20(www.yubico.com);library-description=YubiHSM%20PKCS%2311%20Library;library-version=2.40 slots: 1 slot attached status: loaded slot: YubiHSM Connector localhost token: uri: pkcs11: ...
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |