
Using External CA/RA Private Keys

SSH Tectia Certifier supports PKCS #11 for public-key cryptographic operations. PKCS #11 is a generic cryptographic interface, originally intended as a standard interface for cryptographic tokens. Nowadays the PKCS #11 interface is also used for offloading cryptographic operations to hardware.

SSH Tectia Certifier is able to use keys available in PKCS #11 modules. A PKCS #11 module is a device and/or a piece of software that provides the PKCS #11 API. SSH Tectia Certifier has been tested with the PKCS #11 implementations of nCipher Corporation and Eracom Technologies.

  • nCipher HSMs

    In this document, the term nCipher HSM (hardware security module) is used to refer to either nCipher nForce or nCipher nShield. nCipher is a UK-based company providing hardware security modules for web (SSL/TLS) acceleration and for security applications such as CA key storage. nCipher HSMs support all the platforms SSH Tectia Certifier supports.

  • Eracom HSMs

    SSH Tectia Certifier supports the Eracom ProtectServer Orange (CSA 8000) HSM. Eracom Technologies is an Australian company with a long history of producing hardware- and software-based security solutions.

Creating a CA with a PKCS #11 HSM

Checking the Key Backup

CA Private Key Options
