Can the KCA OneStep SSL certificate private key be kept on a HSM?
Originally Published: 2003-11-24
Article Number
Applies To
Sun Solaris 2.8
nCipher Hardware Security Module
Issue
Resolution
There are two ways to utilize the KCSOSD_SSLKEY_PASSPHRASE variable. You could program the passphrase into the plugin or insert the passphrase in HTML as an hidden field. The programmatic approach is more secure and is recommended for production systems. The HTML approach is good for demo purpose.
As an example, programmatically:
int KCSOSExchange(void *context, KCSOSNVInterface *pInterface) {
// ...
pInterface->InsertEntry(pInterface->NVlist, KCSOSD_SSLKEY_PASSPHRASE, "1234", 5);
// ...
}
HTML
<INPUT TYPE="HIDDEN" NAME="KCSOSD_SSLKEY_PASSPHRASE" value="1234">
Related Articles
How to Generate SSL Certificate Request and Private Key from the RSA SecurID Access Admin Console Number of Views Export a custom certificate with the private key from an RSA Authentication Manager 8.x server Number of Views How to recover from "Error: The private key could not be parsed" when trying to upload the RSA SecurID Access Identity Rou… Number of Views How to find which key on the HSM corresponds to a OneStep SSL certificate Number of Views How to configure Certificate Extension Profile for KCA OneStep Number of Views
Trending Articles
How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Artifacts to gather in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA
Don't see what you're looking for?
