Hi NXP Layerscape Team,
I want to use the OpenVPN in the PKCS#11 mode. In the OpenVPN client config, the client cert shall be populated into the HSM token.
According to the Secure Object Library based OpenSSL Engine (libeng_secure_obj) in Layerscape Software Development Kit User Guide. (link: https://docs.nxp.com/bundle/GUID-1441E561-3EAD-47FD-A50D-72E1A4E4D69E/page/GUID-1D7DFFBB-9E23-4CDB-B...)
I have generated CSR by the user guide, and I have signed the CSR by our company's CA SaaS, our company's CA SaaS returned a signed client CERT to me. How can I write the client cert to the HSM?
I have tried to use the pkcs11-tool --write-object command line by a method from the https://wiki.onap.org/display/DW/Importing+key+and+certificate+using+pkcs11-tool+and+getting+it+from...
But my layerscape always prompts `error: PKCS11 function C_OpenSession failed: rv = CKR_ARGUMENTS_BAD (0x7)`. I have tried many inputs, but it is still this error.
The log is shown in the following figure:
Note, * there is no pin setting for the HSM token.
Please refer to the following update from the AE team.
Did customer try "sobj_app" application to create/generate objects, please refer to this section in LSDK document, https://docs.nxp.com/bundle/GUID-1441E561-3EAD-47FD-A50D-72E1A4E4D69E/page/GUID-94DA27FA-ADB5-432E-8...
Can "sobj_app" meet customer's requirement?
LSDK default doesn't support "pkcs11-tool".
For "sobj_app", confirmed with teammate,
#######
As of now, we don't support keeping the certificates in VirtualHSM.
Currently only keys can be stored in here.
#######