
Using External CA/RA Private Keys

SSH Tectia Certifier supports PKCS #11 for public-key cryptographic operations. PKCS #11 is a generic cryptographic interface, originally intended as a cryptographic token interface standard. Nowadays the PKCS #11 interface is also used for offloading cryptographic operations to hardware.

SSH Tectia Certifier can use keys available in PKCS #11 modules. A PKCS #11 module is a device and/or a piece of software that provides the PKCS #11 API. SSH Tectia Certifier has been tested with the PKCS #11 implementations of nCipher Corporation and Eracom Technologies.

  • nCipher HSMs

    In this document, the term nCipher HSM (hardware security module) refers to either nCipher nForce or nCipher nShield. nCipher is a UK-based company providing hardware security modules for web (SSL/TLS) acceleration and for security applications such as CA key storage. nCipher HSMs support all the platforms that SSH Tectia Certifier supports.

  • Eracom HSMs

    SSH Tectia Certifier supports the Eracom ProtectServer Orange (CSA 8000) HSM. Eracom Technologies is an Australian company with a long history of producing hardware- and software-based security solutions.

Creating a CA with a PKCS #11 HSM

Checking the Key Backup

CA Private Key Options

