I have already configured one HSM token and CA keys are on that token. I would like the replace the current token with a new token and same older keys. keys already copied to new token. it seems EJBCA generated some random id for every token that can't be regenerated.
is there any possibility?
Regards,
Sanaullah
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
EJBCA doesnot generate any random id on the token that can't be regenerated. It is pure PKCS#11 with certain objects required. In the Admin Guide you can read about what is required.
Upgrading HSMs from one to another is a typical task that is standard procedure for EJBCA installlations.
Cheers,
Tomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My new token is listed in in Crypto Token section and i remove the older token.when i edit the CA I am getting this.
Crypto Token [?] CryptoToken 732248322 not found.
the below details are written in EJBCA Crypto Tokens details [1]
"The PKCS#11 properties above are described in more technical detail in the AdminGuide's HSM section. A unique Crypto Token identifier will be generated when the token is created."
Here it says A Unique Crypto Token identifier will be generated? so the id is not 732248322? Please let me know if i am missing something.
Basically i have configured the HA between two HSM after configuring HA, it create a single logical volume of the two HSM. now i would like to replace the already in use HSM with the new HA logical Volume in the CA.
I am able to create the crypto tokens in the EJBCA Admin GUI. its not an issue.
i am stuck with the replacement of Crypto token in the CA. there is no option to edit the crypto token in CA.its always looking for the older token with id 732248322
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I have already configured one HSM token and CA keys are on that token. I would like the replace the current token with a new token and same older keys. keys already copied to new token. it seems EJBCA generated some random id for every token that can't be regenerated.
is there any possibility?
Regards,
Sanaullah
EJBCA doesnot generate any random id on the token that can't be regenerated. It is pure PKCS#11 with certain objects required. In the Admin Guide you can read about what is required.
Upgrading HSMs from one to another is a typical task that is standard procedure for EJBCA installlations.
Cheers,
Tomas
Thanks Tomas,
I think its confusing here.
My new token is listed in in Crypto Token section and i remove the older token.when i edit the CA I am getting this.
Crypto Token [?] CryptoToken 732248322 not found.
the below details are written in EJBCA Crypto Tokens details [1]
"The PKCS#11 properties above are described in more technical detail in the AdminGuide's HSM section. A unique Crypto Token identifier will be generated when the token is created."
Here it says A Unique Crypto Token identifier will be generated? so the id is not 732248322? Please let me know if i am missing something.
[1]https://10.10.10.132:8443/ejbca/doc/userguide.html#Managing%20Crypto%20Tokens
That is just a database key for the data stored in the EJBCA database. It has nothing todo with theusage of the crypto token.
I guess I do not understand what you want to do. You can create multiple "CryptoTokens" in the EJBCA Admin GUI, using the same HSM.
Basically i have configured the HA between two HSM after configuring HA, it create a single logical volume of the two HSM. now i would like to replace the already in use HSM with the new HA logical Volume in the CA.
I am able to create the crypto tokens in the EJBCA Admin GUI. its not an issue.
i am stuck with the replacement of Crypto token in the CA. there is no option to edit the crypto token in CA.its always looking for the older token with id 732248322