Hi Raj: On June 4, 2009 12:58:02 pm Raj wrote: > Hello Experts, > > I request your expert opinion in generating a PKCS#10 CSR; > > I have generated my RSA 1024 private public key pair in the HSM. The HSM > exposes the keys as handles. > First question: Do you have OpenSSL patched to use that particular HSM as an engine?
Second question: Do you have a openssl.cnf set up that properly instantiates that engine? > I am seeing that OpenSSL is raising the CSR (-new) but it generates the RSA > key pair. In my case, i already have the keys generated with various > attributes; I want to raise a CSR of this key pair which are referred by > their handles. > If that handle is in a file (most patches that I've seen for HSMs allow you to do this), then just point the -key parameter as that file. For information on how to create this openssl compatible private key file that contains the handle (if you don't have it already), I would talk to your HSM vendor. Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org