Create CloudHSM Crypto Token for Root CA
The following describes how to create a CloudHSM Crypto Token for the Root CA:
- Under CA Functions, select Crypto Tokens, and then click Create new.
- On the New Crypto Token page, enter the following:
- Name:
- Specify the values as follows:
- Name: <anything> (Name for the Root CA CloudHSM Crypto Token, for example, "Corporate Root CA CloudHSM Crypto Token". Note that this is not the CA name but the name of the token.
- Type: PKCS#11
- Authentication Code: <HSM_CryptoUser>:<password> (ex. CryptoUser:CUPassword123!)
- AutoActivation: Clear.
- Use Explicit ECC parameters: Clear.
- PKCS#11: Library: AWS CloudHSM
- PKCS#11: Reference Type: Slot ID
- PKCS#11: Reference: 1
- PKCS#11: Attribute Type: Default
- Click Save.
- On the Crypto Token: <Name> page, confirm that the three key pairs within the Crypto Token display and the information CryptoToken created successfully shown at the top:
- defaultKey: Used for everything not signing or test.
- signKey: Used for cert signing.
- testKey: Used for testing health check for CA.