Can the KCA OneStep SSL certificate private key be kept on a HSM?
Originally Published: 2003-11-24
Article Number
Applies To
Sun Solaris 2.8
nCipher Hardware Security Module
Issue
Resolution
There are two ways to utilize the KCSOSD_SSLKEY_PASSPHRASE variable. You could program the passphrase into the plugin or insert the passphrase in HTML as an hidden field. The programmatic approach is more secure and is recommended for production systems. The HTML approach is good for demo purpose.
As an example, programmatically:
int KCSOSExchange(void *context, KCSOSNVInterface *pInterface) {
// ...
pInterface->InsertEntry(pInterface->NVlist, KCSOSD_SSLKEY_PASSPHRASE, "1234", 5);
// ...
}
HTML
<INPUT TYPE="HIDDEN" NAME="KCSOSD_SSLKEY_PASSPHRASE" value="1234">
Related Articles
How to Generate SSL Certificate Request and Private Key from the RSA SecurID Access Admin Console Number of Views Export a custom certificate with the private key from an RSA Authentication Manager 8.x server Number of Views How to recover from "Error: The private key could not be parsed" when trying to upload the RSA SecurID Access Identity Rou… Number of Views How to find which key on the HSM corresponds to a OneStep SSL certificate Number of Views KCA OneStep 6.0 Flat File Demo not working Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to…
Don't see what you're looking for?
