[Opendnssec-user] Sign certificate request with SoftHSMv2

Andrei Korostelev andrei at korostelev.net
Tue Feb 24 09:41:22 UTC 2015

Hi all,

To sign a certificate signing request (CSR) in OpenSSL I use
X509_sign() function
by feeding it with a request (as X509_REQ*), signing key and a digest.

Now I have my signing key stored in HSM, so I can't extract it to sign CSR.
Unfortunately PKCS#11 does not provide an analogue to X509_sign(). All it
has is C_Sign() / C_SignUpdate() / C_SignFinal() family of functions which
operate on raw data.

Can someone help me with sample C/C++ code how to use SoftHSMv2 to sign CSR
created with OpenSSL?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20150224/750b52f3/attachment.htm>

More information about the Opendnssec-user mailing list