You can store private keys in an HSM instead of a file. DXserver accesses the HSM using Public Key Cryptography Standard 11 (PKCS#11).
CA Directory is designed to support any HSM that supports PKCS#11. It has been tested on the Eracom “ProtectServer Orange External”.
To store keys in an HSM that has an onboard CA engine to create private keys and export the signed certificates, use the supporting tools from the HSM manufacturer as follows:
When an SSL session is established, DXserver uses the certificate subject and the HSM PIN to access the HSM.
Copyright © 2011 CA. All rights reserved.