How to find which key on the HSM corresponds to a OneStep SSL certificate
Originally Published: 2003-06-24
Article Number
Applies To
Microsoft Windows 2000 Advanced Server SP2
nCipher Hardware Security Module
Issue
Using OneStep setupSSL to create keys on HSM
Resolution
-----BEGIN RSA NFAST PRIVATE KEY-----
MDUWDnJzYS1rZW9uLWNhLTY1FhAxMDMzNDMzODEwOTgxNDk1FghzcGFyY1NldAEB
/wIBAQIBAg==
-----END RSA NFAST PRIVATE KEY-----
You can use any ASN.1/BER viewing tool to look at the contents. One freely available tool that will do this is dumpasn1. Running dumpasn1 with the key file as input (you can leave it in its PEM encoded form) will produce output something like this:
0 30 53: SEQUENCE {
2 16 14: IA5String 'rsa-keon-ca-65'
18 16 16: IA5String '1033433810981495'
36 16 8: IA5String 'sparcSet'
46 01 1: BOOLEAN TRUE
49 02 1: INTEGER 1
52 02 1: INTEGER 2
: }
The three string values are the application name, the key id, and the card set name. You should be able to match the key id with one listed by KeySafe to find the key using that tool.
Related Articles
Can the KCA OneStep SSL certificate private key be kept on a HSM? Number of Views Identity Management and Governance: No available certificate or key corresponds to the SSL cipher suites which are enabled. Number of Views How to Generate SSL Certificate Request and Private Key from the RSA SecurID Access Admin Console Number of Views Add an Identity Source SSL Certificate Number of Views How to generate an SSL certificate for tomcat. Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to…
Don't see what you're looking for?
