Generate a key pair and certificate on the CryptoHub
This section describes the steps to generate a key pair, CSR, and certificate and then sign the certificate.
Perform the following steps to connect and log in to the through FXCLI:
Run the FXCLI application.
Configure TLS certificates for communication between FXCLI and the by using the tls set of commands.
Run tls help to access syntax documentation.
Connect to the by using the following command:
Log in to the with the default Admin1 and Admin2 identities by running the following command twice, entering the username and password when prompted:
Perform the following steps to generate a new key pair on the :
Generate a new key pair in the next available key slot on the .
Modify the key usage values to match your specific requirements.
Confirm which key slot the private key was added to:
Assign a PKCS11 label to the key. You must set this field so certutil can find the key on the .
The PKCS11 label value should match the name that you set for the key pair in the generate command.
Perform the following step to generate a Certificate Signing Request (CSR):
Generate a CSR from the new key pair that was created on the :
Perform the following steps to create a Certificate Authority (CA):
Create a new key pair in the next available key slot on the :
Create a CA certificate from the key pair that was created on the :
Confirm which key slot the private key was added to:
Assign a PKCS11 label to the key. You must set this field so certutil can find the key on the .
The PKCS11 label value should match the name that you set for the key pair in the generate command.
Perform the following steps to sign the CSR by using the CA:
Sign the IgDemo CSR that you created by using the self-signed CA certificate:
Modify the key usage values to match your specific certificate requirements.
The signed leaf certificate is output to a file called IgDemo.pem.