Black Box ET0010A User Manual

Working with Certificates for the ETEPs

EncrypTight User Guide

277

Generating a Certificate Signing Request for the HSM

To generate a certificate signing request:
1 At the command line, type:

keytool -keystore NONE -storetype PKCS11 -certreq -keyalg RSA
-providername SunPKCS11-psie -alias <alias> -storepass <password> -file
<csr filename>

Importing Signed Certificates into the HSM

To import signed certificates into the HSM:
1 At the command line, type:

keytool -keystore NONE -storetype PKCS11 -import -alias <alias> -file
<filename> -providername SunPKCS11-psie -storepass <password>

Working with Certificates for the ETEPs

The Certificate Manager is a tool for obtaining and managing certificates for your ETEPs, including
identity certificates and the external certificates used for validating other EncrypTight components.

Table 75

Generating a Certificate Signing Request for use with the HSM

Parameter

Description

keystore

Specifies the keystore to use. A type of NONE indicates that a security

device is being used for the keystore.

storetype

Specifies the type of keystore in use.

certreq

Generates a certificate signing request.

keyalg

Specifies the algorithm to use for the certificate.

providername

Specifies the name of the security device/software.

alias

Assigns a name for this entry in the keystore.

storepass

Specifies the password for the keystore.

file

Specifies a name for the certificate signing request file.

Table 76

Importing a certificate to the HSM

Parameter

Description

keystore

Specifies the keystore to use. A type of NONE indicates that a security

device is being used for the keystore.

storetype

Specifies the type of keystore in use.

alias

Assigns a name for this entry in the keystore.

file

Specifies the name of the certificate file to import.

providername

Specifies the name of the security device/software.

storepass

Specifies the password for the keystore.

providername

Specifies the name of the security device/software.