Can we create certificate sign request (CSR) using HSM?

I did research & followed PKCS #11 OASIS document standard:

http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html

Finally, I am able to manage Certificate Request (CSR) from HSM.

Following are the steps to achieve the same:

  1. Generate Key Pair (Private, Public)
  2. Derive Key(C_DeriveKey) from public key and give followings attribute:
    • Mechanism - ENCODE_PKCS_10 (Certificate Request)
    • Signing Key (Private Key)
    • Signing Mechanism - SHA1_RSA_PKCS