[Opendnssec-user] Sign certificate request with SoftHSMv2
andrei at korostelev.net
Tue Feb 24 09:41:22 UTC 2015
To sign a certificate signing request (CSR) in OpenSSL I use
by feeding it with a request (as X509_REQ*), signing key and a digest.
Now I have my signing key stored in HSM, so I can't extract it to sign CSR.
Unfortunately PKCS#11 does not provide an analogue to X509_sign(). All it
has is C_Sign() / C_SignUpdate() / C_SignFinal() family of functions which
operate on raw data.
Can someone help me with sample C/C++ code how to use SoftHSMv2 to sign CSR
created with OpenSSL?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user