11b - Create a CryptoToken in EJBCA - SDK3

NOTE If you have already performed these steps before creating the keys with the clientToolBox, restart EJBCA using the command service wildfly restart.

If you are creating the crypto token for the first time, proceed with the following steps:

1. Login to EJBCA as Superadmin.
2. Select Crypto Tokens and click Create new:
   

   

3. Specify the values as follows:
   
   For EJBCA 7.5 and above:

   • Name: <anything> (For example "CloudHSM Root Slot")

   • Type: PKCS#11 NG

   • Authentication Code: <HSM_CryptoUser>:<password> (ex. CryptoUser:CUPassword123!)

   • AutoActivation: Checked for all but Root CAs, generally

   • Use Explicit ECC parameters: Clear

   • PKCS#11: Library: AWS CloudHSM

   • PKCS#11: Reference Type: Slot/Token Label

   • PKCS#11: Reference: cavium

   • PKCS#11: Attribute Type: Default

For EJBCA 7.4.3.3 and below:Name: <anything> (For example "CloudHSM Root Slot")

1. • Type: PKCS#11

   • Authentication Code: <HSM_CryptoUser>:<password> (ex. CryptoUser:CUPassword123!)

   • AutoActivation: Checked for all but Root CAs, generally

   • Use Explicit ECC parameters: Clear

   • PKCS#11: Library: AWS CloudHSM PrimeKey

   • PKCS#11: Reference Type: Slot ID

   • PKCS#11: Reference: 1

   • PKCS#11: Attribute Type: Default
     

   

2. Click Save.

3. All keys in the slot created by ClientToolBox display in the Crypto Token: