Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Certificate Creation using keys from Fortanix DSM

Steps to be followed:  
  1. Login to SWG using CLI.
  2. On the root directory, create a new file “fortanix.cfg”, which stores the API_KEY value.
  3. The content of the “fortanix.cfg” will be:

    api_key = "API_KEY"

    Example: clipboard_e8cc27609e79baf198a40e9e8ff2f2bfd.png
  4. follow the below commands:

    [root@mwgappl14937245 ~]# chmod 777  fortanix.cfg

    [root@mwgappl14937245 ~]# export FORTANIX_PKCS11_NUM_SLOTS=1

    [root@mwgappl14937245 ~]# echo $FORTANIX_PKCS11_NUM_SLOTS

    1

    [root@mwgappl14937245 ~]# openssl1.1

    OpenSSL> engine -pre MODULE_PATH:/opt/fortanix/pkcs11/fortanix_pkcs11.so -pre VERBOSE pkcs11

  5. Output:
    clipboard_ed87ad1bdfde874b9c366d13a42272e47.png
     
  1. Use the openssl “req” command to generate the certificate: 

OpenSSL> req -engine pkcs11 -keyform engine -new  -key "pkcs11:object=<Key>;pin-value=file:///root/fortanix.cfg" -x509 -days 3650 -out FILENAME.crt -set_serial 0xdeadbeef 

  1. This will give the option to create the certificate file: 

clipboard_ed2535ca646e7a7316eb2335c8a17b1c6.png

 


 

  • Was this article helpful?