Skip to main content
Skip table of contents

Step 2: Create OCSP Keys in VA Hardware Appliance

Proceed as follows to create a crypto token and generate a public key in the VA Hardware Appliance. They will be used by OCSP to sign responses:

  1. Go to the EJBCA Enterprise Administration
  2. Open CA Functions > Crypto Tokens
  3. Click Create New

  4. Specify the following and click Save

    • Name: Enter OCSP key
    • Type: Select PKCS#11 NG
    • Auto-activation: Enable this option
    • Use explicit ECC parameters (ICAO CSCA and DS certificates): Disable this function
    • PKCS#11Library: Select Internal HSM
    • PKCS#11 ReferenceType: Select Slot ID
    • PKCS#11 Reference: Enter 3
    • PKCS#11 : Attribute File: Select Default
    • Authentication Code: Enter foo123 (the previously set password).
      Ensure that you have manually generated a slot password for the slot.
    • The index number depends on the installation.

  5. The Settings page displays the message CryptoToken created successfully.

  6. To create the key for signing OCSP responses, specify
    SignKey: RSA 2048 with the drop down function.

  7. -Key Usage-: choose Sign / Verify from the drop down menu
  8. Click Generate new key pair.

  9. Click Test to test the key. If successful, the following message is displayed: signKey tested successfully.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.