Black Box ET0100A Appliance Trim Kit User Manual

Using Enhanced Security Features
276 EncrypTight User Guide
Importing CA Certificates into the HSM
To import CA certificates into the HSM:
1 To import a CA certificate, at the command line type:
ctcert i -f <filename> -l <alias>
2 To set the certificate as trusted, type:
ctcert t -l <alias>
3 If prompted, enter the HSM password.
Generating a Key Pair for use with the HSM
To generate a key pair for use with the HSM:
1 At the command line, type:
keytool -keystore NONE -storetype PKCS11 -genkey -keyalg RSA
-providername SunPKCS11-psie -alias <alias> -storepass <password>
-dname “<distinguished name>”
Table 73 ctcert Parameters
Parameter Description
filename The name of the certificate file that you want to import.
alias The name of the entry for this certificate in the HSM.
Table 74 Generating an HSM key pair with keytool
Parameter Description
keystore Specifies the keystore to use. A type of NONE indicates that a security
device is being used for the keystore.
storetype Specifies the type of keystore in use.
genkey Generates a key pair.
keyalg Specifies the algorithm to use for the key pair.
providername Specifies the name of the security device/software.
alias Assigns a name for this key pair in the keystore.
storepass Specifies the password for the keystore.
dname Assigns values to the distinguished name fields for the certificate. For
information about this parameter, refer to “Certificate Information” on
page 264.