Can we create a certificate signing request (CSR) using an HSM?
I did research and followed the PKCS #11 OASIS standard document:
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html
Finally, I am able to manage a Certificate Request (CSR) from the HSM.
Following are the steps to achieve the same:
- Generate a key pair (private, public)
- Derive a key (C_DeriveKey) from the public key and give the following attributes:
  - Mechanism - ENCODE_PKCS_10 (Certificate Request)
  - Signing Key (Private Key)
  - Signing Mechanism - SHA1_RSA_PKCS
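
A portable variant of the steps above for tokens that do not offer an ENCODE_PKCS_10 mechanism, as an added example that is not part of the original post: the application builds the PKCS #10 CertificationRequestInfo itself and the token only signs it. The subject name, the toy RSA key (constructed from two Mersenne primes) and `toy_sign`, which stands in for C_SignInit/C_Sign with CKM_SHA1_RSA_PKCS, are assumptions for illustration.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes) standing in for the HSM key pair.
# Illustration only: never use such a key outside a test.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                           # modulus length in bytes

OID_RSA = bytes.fromhex("06092a864886f70d010101")       # rsaEncryption
OID_SHA1_RSA = bytes.fromhex("06092a864886f70d010105")  # sha1WithRSAEncryption
OID_CN = bytes.fromhex("0603550403")                    # commonName
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def tlv(tag, body):
    """DER tag-length-value, short or long form length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + body

def der_int(v):
    """Non-negative INTEGER with the leading zero DER requires."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def algid(oid):
    return tlv(0x30, oid + b"\x05\x00")                  # AlgorithmIdentifier, NULL params

def request_info(common_name, n, e):
    """CertificationRequestInfo: the exact bytes the private key must sign."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, OID_CN + tlv(0x0C, common_name.encode()))))
    rsa_pub = tlv(0x30, der_int(n) + der_int(e))
    spki = tlv(0x30, algid(OID_RSA) + tlv(0x03, b"\x00" + rsa_pub))
    return tlv(0x30, der_int(0) + name + spki + b"\xa0\x00")  # version 0, no attributes

def toy_sign(tbs):
    """Software stand-in for the token: SHA-1 + PKCS #1 v1.5 padding + RSA."""
    t = SHA1_DIGESTINFO + hashlib.sha1(tbs).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def build_csr(common_name, n, e, sign):
    """CertificationRequest = SEQUENCE { info, signatureAlgorithm, signature }."""
    tbs = request_info(common_name, n, e)
    return tlv(0x30, tbs + algid(OID_SHA1_RSA) + tlv(0x03, b"\x00" + sign(tbs)))

if __name__ == "__main__":
    print(build_csr("hsm-test.example", N, E, toy_sign).hex())
```

With a real token, pass the public key's CKA_MODULUS and CKA_PUBLIC_EXPONENT as `n` and `e`, and replace `toy_sign` with a function that calls C_Sign on the private key handle.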