Hi NXP Layerscape Team,
I want to use the OpenVPN in the PKCS#11 mode. In the OpenVPN client config, the client cert shall be populated into the HSM token.
According to the Secure Object Library based OpenSSL Engine (libeng_secure_obj) in Layerscape Software Development Kit User Guide. (link: https://docs.nxp.com/bundle/GUID-1441E561-3EAD-47FD-A50D-72E1A4E4D69E/page/GUID-1D7DFFBB-9E23-4CDB-B...)
I have generated CSR by the user guide, and I have signed the CSR by our company's CA SaaS, our company's CA SaaS returned a signed client CERT to me. How can I write the client cert to the HSM?
I have tried to use the pkcs11-tool --write-object command line by a method from the https://wiki.onap.org/display/DW/Importing+key+and+certificate+using+pkcs11-tool+and+getting+it+from...
But my layerscape always prompts `error: PKCS11 function C_OpenSession failed: rv = CKR_ARGUMENTS_BAD (0x7)`. I have tried many inputs, but it is still this error.
The log is shown in the following figure:
Note, * there is no pin setting for the HSM token.
I went through the "sobj_app" application's man. The "sobj_app" can only support the objects pair (private key and public key) and public key. I would like to write a cert object to the VirtualHSM, though. How do I add a client certificate to the HSM?
