This section explains how to test and validate that Curity is integrated with KMES Series 3 for storing private keys. Before starting this section, install and configure Curity per your specific requirements.
Validate success
If the integration worked and you logged at the DEBUG level, you should see log messages like the following sample in the run-time node's logs:
name = IDSVR_HSM
library = /usr/local/bin/fxpkcs11/libfxpkcs11.so
attributes = compatibility
slotListIndex = 0
showInfo = true
sunpkcs11: Initializing PKCS#11 library /usr/local/bin/fxpkcs11/libfxpkcs11.so
sunpkcs11: login succeeded
pkcs11keystore: engineGetEntry found private key entry
Aliases in HSM: [Demo_1]
HSM is loaded
Notice the following elements:
The configured library was loaded.
Which slot list index was used.
The login with the PIN worked.
The HSM has one key with the alias Curity_Demo_1. This means that SSL now uses a key from the HSM.
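The checks listed above can be scripted against a saved log file. The following is an added example, not code from Futurex or Curity: the function names check_hsm_log and make_sample_log are hypothetical, and the sample log is constructed from the excerpt above.

```shell
#!/bin/sh
# check_hsm_log LOGFILE LIBRARY ALIAS
# Returns 0 only if every HSM start-up marker from the sample log is present.
# Fixed-string matching tolerates timestamps or logger prefixes on each line.
check_hsm_log() {
    log=$1; lib=$2; want=$3; rc=0
    # 1. The configured PKCS#11 library was loaded.
    grep -qF "sunpkcs11: Initializing PKCS#11 library $lib" "$log" ||
        { echo "MISSING: library $lib was not initialized"; rc=1; }
    # 2. The login with the PIN worked.
    grep -qF "sunpkcs11: login succeeded" "$log" ||
        { echo "MISSING: PKCS#11 login did not succeed"; rc=1; }
    # 3. A private key entry was found in the PKCS#11 keystore.
    grep -qF "pkcs11keystore: engineGetEntry found private key entry" "$log" ||
        { echo "MISSING: no private key entry found"; rc=1; }
    # 4. The expected alias is in the list, e.g. "Aliases in HSM: [A, B]".
    aliases=$(sed -n 's/^.*Aliases in HSM: \[\(.*\)].*$/\1/p' "$log" | tail -n 1)
    case ", $aliases, " in
        *", $want, "*) ;;
        *) echo "MISSING: alias $want not in [$aliases]"; rc=1 ;;
    esac
    # Report which slot list index was used (informational only).
    slot=$(sed -n 's/^.*slotListIndex = \([0-9][0-9]*\).*$/\1/p' "$log" | tail -n 1)
    echo "slotListIndex=${slot:-unknown}"
    return $rc
}

# Constructed sample input, copied from the log excerpt above.
make_sample_log() {
    cat <<'EOF'
name = IDSVR_HSM
library = /usr/local/bin/fxpkcs11/libfxpkcs11.so
attributes = compatibility
slotListIndex = 0
showInfo = true
sunpkcs11: Initializing PKCS#11 library /usr/local/bin/fxpkcs11/libfxpkcs11.so
sunpkcs11: login succeeded
pkcs11keystore: engineGetEntry found private key entry
Aliases in HSM: [Demo_1]
HSM is loaded
EOF
}

# Demo run: the alias is the one printed in the sample log.
demo_log=$(mktemp)
make_sample_log > "$demo_log"
check_hsm_log "$demo_log" /usr/local/bin/fxpkcs11/libfxpkcs11.so Demo_1
rm -f "$demo_log"
```

A non-zero exit status with a MISSING line means the node may have started without the HSM-backed key, so check the library path, slot and PIN configuration before testing the TLS connection.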
Test the connection
To test this, open a connection to the node with a browser or openssl by running the following command:
echo | \
openssl s_client -connect localhost:8443 -showcerts | \
openssl x509 -inform pem -noout -text
This should output info about the self-signed cert imported onto the Futurex KMES, including a line like this: depth=0 CN = Demo_1.