Problem with Protect Server Gold HSM

Networking/Security Forums -> Cryptographic Software and Hardware

Author: harshanahnd PostPosted: Sat Apr 18, 2009 7:06 am    Post subject: Problem with Protect Server Gold HSM
    ----
Hi,

I am configuring Protect Sever Gold HSM to use as a Root CA and I am using RedHat Certification System as a Subordinate CA. In this setup I observed that the certificate of the Root CA should have the value "TRUE"of the CA attribute in the X509v3 extension section. (http://en.wikipedia.org/wiki/X.509)

However a self signed certificate of the HSM does not have that value set. I was unable to create a certificate with this value and the certificates created by the HSM reads its version as "Version: 1". Is this because of a version problem?

Does anyone has experience in Protect Server Gold? How can I configure this module as a Root CA ?

--Thanks

Author: Fire AntLocation: London PostPosted: Sat Apr 18, 2009 1:35 pm    Post subject:
    ----
So the HSM should not have a certificate. The Root CA should have a certificate protected by the HSM. The certificate for the Root should be a v3 certificate.

Quote:
I am configuring Protect Sever Gold HSM to use as a Root CA
You need to use a CA as a CA!


Quote:
I am using RedHat Certification System as a Subordinate CA
Use the same for the root.

I would expect something like the following:

Offline Server - Root CA + HSM
Online Server - Issuing (Subordinate) CA + HSM

Matt_s



Networking/Security Forums -> Cryptographic Software and Hardware


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group