Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

PreviousNextUp[Front page] [Index]

Using External CA/RA Private Keys

SSH Tectia Certifier supports PKCS #11 for public-key cryptographic operations. PKCS #11 is a generic cryptographic interface, originally intended to be a cryptographic token interface standard. Nowadays PKCS #11 interface is also used for offloading cryptographic operations to hardware.

SSH Tectia Certifier is able to use keys available in PKCS #11 modules. PKCS #11 module is a device and/or a piece of software which provides the PKCS #11 API. SSH Tectia Certifier has been tested with the PKCS #11 implementation of nCipher Corporation and Eracom Technologies.

  • nCipher HSMs

    In this document, the term nCipher HSM (hardware security module) is used to refer to either nCipher nForce or nCipher nShield. nCipher is an UK based company providing hardware security modules for web (SSL/TLS) acceleration and for security applications such as CA key storage. nCipher HSMs support all the platforms SSH Tectia Certifier supports.

  • Eracom HSMs

    SSH Tectia Certifier supports the Eracom ProtectServer Orange (CSA 8000) HSM. Eracom Technologies is an Australian company with a long history of producing hardware- and software-based security solutions.

Creating a CA with a PKCS #11 HSM

Checking the Key Backup

CA Private Key Options

PreviousNextUp[Front page] [Index]