Hi, > The CLCA documentation https://github.com/openxpki/clca specifies to use the > nCipher & Gemalto HSM as follows. > > # Define crypto engine to use. Supported values are > # openssl - OpenSSL software only (private keys stored on disk) > # chil - nCipher hardware > # gem - Gemalto Safenet Luna SA hardware > > How can we configure the CLCA to use YubiHSM?
- determine how the YubiHSM can be used with OpenSSL - identify the correct engine to use (likely pkcs11 with the YubiHSM2) - identify the correct key reference to use via PKCS#11 Craft a proper openssl.cnf file for your setup. Set ENGINE to the correct engine Set ROOTKEYNAME to the correct key identifier > Furthermore, there is no detailed documentation is available for the > configuration of CLCA from scratch. Kindly share, please. The Open Source version of clca is documented in a way that allows skilled IT Security professionals to make proper use of the tool in the current form. Should you desire a more polished product, detailed user documentation or should you need assistance in setting up a proper offline CA environment with clca I suggest to get in touch with White Rabbit Security for the clca Enterprise Edition. Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
