The following describes how to create a CloudHSM Crypto Token for the Root CA:
- Under CA Functions, select Crypto Tokens, and then click Create new.
- On the New Crypto Token page, enter the following:
  - Name: <anything> (a name for the Root CA CloudHSM Crypto Token, for example, "Corporate Root CA CloudHSM Crypto Token"). Note that this is not the CA name but the name of the token.
  - Type: PKCS#11
  - Authentication Code: <HSM_CryptoUser>:<password> (for example, CryptoUser:CUPassword123!)
  - AutoActivation: Clear.
  - Use Explicit ECC parameters: Clear.
  - PKCS#11: Library: AWS CloudHSM
  - PKCS#11: Reference Type: Slot ID
  - PKCS#11: Reference: 1
  - PKCS#11: Attribute Type: Default
- Click Save.
- On the Crypto Token: <Name> page, confirm that the message "CryptoToken created successfully" is shown at the top, and that the three key pairs within the Crypto Token are displayed:
  - defaultKey: Used for everything other than signing or testing.
  - signKey: Used for certificate signing.
  - testKey: Used for testing by the CA health check.