Creating a Key Store with CA-Signed Certificate

Required Files

Before proceeding, ensure that you have the following three PEM files:

Certificate Authority (CA) PEM file
Signed PEM certificate
Private key PEM file

The following example uses ssl-cert-keyhsm-ca.pem, ssl-cert-keyhsm.pem, and ssl-cert-keyhsm-pk.pem, respectively, to represent these files.

Create the Key Store

The following command accepts the ssl-cert-keyhsm.pem and ssl-cert-keyhsm-pk.pem files and converts them to a .p12 file:

$ openssl pkcs12 -export -in ssl-cert-keyhsm.pem -inkey ssl-cert-keyhsm-pk.pem -out mycert.p12 -name alias -CAfile ssl-cert-keyhsm-ca.pem -caname root -chain

Validating Key HSM Settings

Managing the Navigator Key HSM Service