
Using External CA/RA Private Keys

SSH Tectia Certifier supports PKCS #11 for public-key cryptographic operations. PKCS #11 is a generic cryptographic interface, originally intended to be a cryptographic token interface standard. Nowadays the PKCS #11 interface is also used for offloading cryptographic operations to hardware.

SSH Tectia Certifier is able to use keys available in PKCS #11 modules. A PKCS #11 module is a device and/or a piece of software that provides the PKCS #11 API. SSH Tectia Certifier has been tested with the PKCS #11 implementations of nCipher Corporation and Eracom Technologies.

  • nCipher HSMs

    In this document, the term nCipher HSM (hardware security module) is used to refer to either nCipher nForce or nCipher nShield. nCipher is a UK-based company providing hardware security modules for web (SSL/TLS) acceleration and for security applications such as CA key storage. nCipher HSMs support all the platforms SSH Tectia Certifier supports.

  • Eracom HSMs

    SSH Tectia Certifier supports the Eracom ProtectServer Orange (CSA 8000) HSM. Eracom Technologies is an Australian company with a long history of producing hardware- and software-based security solutions.

Creating a CA with a PKCS #11 HSM

Checking the Key Backup

CA Private Key Options

