Test the integration
This test consists of validating the key created in the HSM in section integrate-nshield-pki-hub.adoc#configure-pki-hub.
- Log in to the Entrust PKI Hub Management Console web GUI.
- In the content pane, under Certificate Authorities, select Manage Solution.
- Select the download arrow icon to the right of Export Configuration. Notice the compressed folder downloaded to your computer.
- Expand the compressed folder and navigate to Downloads\pkihub-configuration\kmdata.tar\kmdata\local. Notice the file named key_encore_<Key unique identifier>, where <Key unique identifier> is the value entered in integrate-nshield-pki-hub.adoc#configure-pki-hub. This file is the key blob corresponding to the key created in the Entrust nShield HSM.
- To validate the key, copy the key blob to the local folder /opt/nfast/kmdata/local/ on an on-premises HSM client or server of the same world.
- Execute the following commands. Notice the key name.

    root@dev-ubuntu:/opt/nfast/kmdata/local# nfkminfo -k
    Key list - 1 keys
    AppName ncore Ident pkihubkey

    root@dev-ubuntu:/opt/nfast/kmdata/local# rocs
    `rocs' key recovery tool
    Useful commands: `help', `help intro', `quit'.
    rocs> list keys
    No. Name App Protected by
    1 Id: pkihubkey ncore testOCS
    rocs> exit

- Delete this key blob from the HSM client or server. It remains in the Entrust PKI Hub.
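
The copy, check and delete steps above can be scripted so that the local copy of the key blob is removed even when the check fails. This is an added example, not Entrust code: the function names, the return codes and the refusal to overwrite an existing file are assumptions, and it assumes `nfkminfo` is on the PATH and checks only the `nfkminfo -k` listing, not the interactive `rocs` session.

```shell
#!/usr/bin/env bash
# Added example, not Entrust code. Assumes nfkminfo is on PATH and that the
# caller passes the blob path from the expanded PKI Hub export.

# ident_listed APP IDENT: read `nfkminfo -k` output on stdin; succeed only if
# a line carries exactly this "AppName <app> Ident <ident>" pair.
ident_listed() {
    awk -v app="$1" -v id="$2" '
        $1 == "AppName" && $2 == app && $3 == "Ident" && $4 == id { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# validate_blob BLOB APP IDENT [KMDATA_LOCAL]
# KMDATA_LOCAL must be the folder nfkminfo reads (default as on the page).
# Returns 0 if the key is listed, 1 if not, 2 if nothing was checked.
validate_blob() {
    local blob="$1" app="$2" ident="$3" dest="${4:-/opt/nfast/kmdata/local}"
    local copy rc=0
    copy="$dest/$(basename "$blob")"

    if [ ! -f "$blob" ]; then
        echo "blob not found: $blob" >&2; return 2
    fi
    # Never touch a blob that already lives on this client: the cleanup
    # below would otherwise delete a key file this procedure did not create.
    if [ -e "$copy" ]; then
        echo "refusing to overwrite existing $copy" >&2; return 2
    fi
    cp -- "$blob" "$copy" || return 2

    nfkminfo -k | ident_listed "$app" "$ident" || rc=1

    # Last step of the procedure: remove the local copy whatever the result.
    # The key itself remains in Entrust PKI Hub.
    rm -f -- "$copy"
    return "$rc"
}
```

Call it as `validate_blob <path to exported blob> ncore pkihubkey`, using the application name and key identifier shown in the listing above.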