• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Problem with Protect Server Gold HSM

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
harshanahnd
Just Arrived
Just Arrived


Joined: 18 Apr 2009
Posts: 0


Offline

PostPosted: Sat Apr 18, 2009 7:06 am    Post subject: Problem with Protect Server Gold HSM Reply with quote

Hi,

I am configuring Protect Sever Gold HSM to use as a Root CA and I am using RedHat Certification System as a Subordinate CA. In this setup I observed that the certificate of the Root CA should have the value "TRUE"of the CA attribute in the X509v3 extension section. (http://en.wikipedia.org/wiki/X.509)

However a self signed certificate of the HSM does not have that value set. I was unable to create a certificate with this value and the certificates created by the HSM reads its version as "Version: 1". Is this because of a version problem?

Does anyone has experience in Protect Server Gold? How can I configure this module as a Root CA ?

--Thanks
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Sat Apr 18, 2009 1:35 pm    Post subject: Reply with quote

So the HSM should not have a certificate. The Root CA should have a certificate protected by the HSM. The certificate for the Root should be a v3 certificate.

Quote:
I am configuring Protect Sever Gold HSM to use as a Root CA
You need to use a CA as a CA!


Quote:
I am using RedHat Certification System as a Subordinate CA
Use the same for the root.

I would expect something like the following:

Offline Server - Root CA + HSM
Online Server - Issuing (Subordinate) CA + HSM

Matt_s
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register