Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Using External CA/RA Private Keys

SSH Tectia Certifier supports PKCS #11 for public-key cryptographic operations. PKCS #11 is a generic cryptographic interface, originally intended to be a cryptographic token interface standard. Nowadays PKCS #11 interface is also used for offloading cryptographic operations to hardware.

SSH Tectia Certifier is able to use keys available in PKCS #11 modules. PKCS #11 module is a device and/or a piece of software which provides the PKCS #11 API. SSH Tectia Certifier has been tested with the PKCS #11 implementation of nCipher Corporation and Eracom Technologies.

  • nCipher HSMs

    In this document, the term nCipher HSM (hardware security module) is used to refer to either nCipher nForce or nCipher nShield. nCipher is an UK based company providing hardware security modules for web (SSL/TLS) acceleration and for security applications such as CA key storage. nCipher HSMs support all the platforms SSH Tectia Certifier supports.

  • Eracom HSMs

    SSH Tectia Certifier supports the Eracom ProtectServer Orange (CSA 8000) HSM. Eracom Technologies is an Australian company with a long history of producing hardware- and software-based security solutions.

Creating a CA with a PKCS #11 HSM

Checking the Key Backup

CA Private Key Options

PreviousNextUp[Front page] [Index]

Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps