Black Box ET0010A User Manual
Using Enhanced Security Features
276
EncrypTight User Guide
Importing CA Certificates into the HSM
To import CA certificates into the HSM:
1 To import a CA certificate, at the command line type:
1 To import a CA certificate, at the command line type:
ctcert i -f <filename> -l <alias>
2 To set the certificate as trusted, type:
ctcert t -l <alias>
3 If prompted, enter the HSM password.
Generating a Key Pair for use with the HSM
To generate a key pair for use with the HSM:
1 At the command line, type:
1 At the command line, type:
keytool -keystore NONE -storetype PKCS11 -genkey -keyalg RSA
-providername SunPKCS11-psie -alias <alias> -storepass <password>
-dname “<distinguished name>”
-providername SunPKCS11-psie -alias <alias> -storepass <password>
-dname “<distinguished name>”
Table 73
ctcert Parameters
Parameter
Description
filename
The name of the certificate file that you want to import.
alias
The name of the entry for this certificate in the HSM.
Table 74
Generating an HSM key pair with keytool
Parameter
Description
keystore
Specifies the keystore to use. A type of NONE indicates that a security
device is being used for the keystore.
storetype
Specifies the type of keystore in use.
genkey
Generates a key pair.
keyalg
Specifies the algorithm to use for the key pair.
providername
Specifies the name of the security device/software.
alias
Assigns a name for this key pair in the keystore.
storepass
Specifies the password for the keystore.
dname
Assigns values to the distinguished name fields for the certificate. For
information about this parameter, refer to