Configure the CA EEM to Store Server Certificates in a PKCS#11 Device

To store the CA EEM certificates in a PKCS#11 device, do the following:

  1. Stop the iGateway service.
  2. Open the iGateway.conf file and edit the <CertificateManager> tags to set the following values:
    certType

    Defines the type of certificate to be used. Supported certificate types are p12, pem, and p11.

    Default: pem

    Type: Childnode

    Using P11 certificate

    <pkcs11Lib></pkcs11Lib>: Path to the PKCS#11 library provided by the token

    <token></token>: Token ID

    <userpin></userpin>: Munged user PIN

    <id></id>: Certificate and private key ID

    <sensitive></sensitive>: Marks the private key as sensitive. Sensitive keys are not converted to software keys, and cryptographic operations are performed using the cryptoki hardware. A nonsensitive key can also be treated as sensitive, but a sensitive key cannot be converted to or treated as a nonsensitive key. Optional; defaults to false.

  3. Save and close the iGateway.conf file.
  4. Start the iGateway services.
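
A pre-start check for the edited block, as an added example that is not CA's code or part of the original procedure: it parses a <CertificateManager> fragment and reports missing p11 child nodes and a <sensitive> value left at its false default. The <Certificate> wrapper, certType as an attribute, the true/false spelling, and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

CERT_TYPES = {"p12", "pem", "p11"}            # types the page lists as supported
P11_REQUIRED = ("pkcs11Lib", "token", "userpin", "id")

# Constructed sample: the nesting and every value are placeholders (assumptions).
SAMPLE = """<CertificateManager>
  <Certificate certType="p11">
    <pkcs11Lib>/opt/vendor/lib/libpkcs11.so</pkcs11Lib>
    <token>PLACEHOLDER_TOKEN_ID</token>
    <userpin>PLACEHOLDER_MUNGED_PIN</userpin>
    <id>PLACEHOLDER_KEY_ID</id>
  </Certificate>
</CertificateManager>"""

def _text(root, tag):
    """Return the stripped text of the first descendant named tag, or None."""
    node = root.find(f".//{tag}")
    return (node.text or "").strip() if node is not None else None

def check_certificate_manager(xml_fragment):
    """Return a list of findings; an empty list means nothing to report."""
    root = ET.fromstring(xml_fragment)
    findings = []
    # certType may be an attribute or a child node; accept either form.
    holder = next((e for e in root.iter() if "certType" in e.attrib), None)
    cert_type = holder.get("certType") if holder is not None else _text(root, "certType")
    cert_type = cert_type or "pem"            # page: default is pem
    if cert_type not in CERT_TYPES:
        return [f"ERROR: unsupported certType '{cert_type}'"]
    if cert_type != "p11":
        return [f"WARN: certType is '{cert_type}', key is not held in the PKCS#11 device"]
    for tag in P11_REQUIRED:
        if not _text(root, tag):
            findings.append(f"ERROR: <{tag}> is missing or empty")
    # Assumption: the flag is spelled true/false; the page gives only the default.
    sensitive = (_text(root, "sensitive") or "false").lower()
    if sensitive not in ("true", "false"):
        findings.append(f"ERROR: <sensitive> must be true or false, got '{sensitive}'")
    elif sensitive == "false":
        findings.append("WARN: <sensitive> is false; key is not protected from conversion to a software key")
    return findings

if __name__ == "__main__":
    for line in check_certificate_manager(SAMPLE) or ["OK"]:
        print(line)
```

Run it against the <CertificateManager> block copied from iGateway.conf before step 4; any ERROR line means a required p11 value is missing or malformed.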