Certificate Creation using keys from Fortanix DSM
Steps to be followed:
- Login to SWG using CLI.
- On the root directory, create a new file “fortanix.cfg”, which stores the API_KEY value.
-
The content of the “fortanix.cfg” will be:
api_key = "API_KEY"
Example: - follow the below commands:
[root@mwgappl14937245 ~]# chmod 777 fortanix.cfg
[root@mwgappl14937245 ~]# export FORTANIX_PKCS11_NUM_SLOTS=1
[root@mwgappl14937245 ~]# echo $FORTANIX_PKCS11_NUM_SLOTS
1
[root@mwgappl14937245 ~]# openssl1.1
OpenSSL> engine -pre MODULE_PATH:/opt/fortanix/pkcs11/fortanix_pkcs11.so -pre VERBOSE pkcs11
- Output:
- Use the openssl “req” command to generate the certificate:
OpenSSL> req -engine pkcs11 -keyform engine -new -key "pkcs11:object=<Key>;pin-value=file:///root/fortanix.cfg" -x509 -days 3650 -out FILENAME.crt -set_serial 0xdeadbeef
- This will give the option to create the certificate file: