Documents in CA

Certificate Authority based on Cryptographic Hardware Security Module

1. Overview This HowTo describes how to configure Rsignd service (PKI service) of WebADM on a PKCS11 cryptographic hardware security module (HSM). The objective is to involve the HSM for all CA signing operations and to increase the protection of the private key. This configuration is probably the most secure setup for a PKI service because the logical and physical access to the HSM is limited to one or few persons in a company.