ThalesGroup / pycryptoki

Python interface to SafeNet's PKCS11 library implementation
Apache License 2.0
60 stars 23 forks

Create an x.509 public certificate in pem format for clients. #27

Closed k4keval closed 2 years ago

k4keval commented 3 years ago

I generated a private/public key using the pycryptoki example here. The program gives output like: Generated Private key at 188 and Public key at 187

I don't understand how to use/access this key pair further. I want to use this key pair to generate an x.509 public certificate that can be used by a client application to securely connect to my server. I'm a bit new to the crypto and python world so I might be missing something obvious.

Request for your help. Please let me know if any more information is needed from my end

-- Thank you.

astraw38 commented 3 years ago

I'd highly recommend using the Luna 'cmu' utility (certificate management utility). It's a binary that's included in the LunaClient installation. You can use it to create a signed certificate with the cmu selfsigncertificate option.

I recommend this route, because while you can manually create, sign, and then encode the certificate yourself, it's rather tedious (there's a lot of ASN.1 encoding that will need to be done).

Using CMU with your already-created key handles as shown above would look something like this:

./cmu selfsigncertificate -privatehandle=188 -publichandle=187
[...]

CMU will prompt for any missing information, and allow you to fill in the certificate fields. The certificate will then be created on the HSM. You can then export the certificate to a file if you want with the cmu export command.

If you wanted to create the CSR in another program (such as openssl or even in-python with cryptography.io), you can use cmu certify to create & sign a cert from the CSR.
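For readers who want to see what the "rather tedious" manual route actually involves, here is an added example (not code from this issue, the pycryptoki project, or Thales): it DER-encodes a self-signed X.509 v3 TBSCertificate by hand and assembles the final certificate around a signature supplied by a callback. In a real deployment that callback would perform C_Sign with CKM_SHA256_RSA_PKCS on private handle 188 (for instance via pycryptoki's c_sign, whose exact signature is assumed here), and the modulus/exponent would be read from public handle 187 with C_GetAttributeValue (CKA_MODULUS / CKA_PUBLIC_EXPONENT). The modulus and the `demo_sign` stand-in below are constructed so the script runs without an HSM; `demo_sign` does not produce a valid signature.

```python
"""Hand-assemble a self-signed X.509 certificate around an HSM-produced signature.
Only the `sign` callback is meant to touch the token; everything else is plain DER.
(Added example; not part of pycryptoki.)"""
import base64
import hashlib

OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
OID_SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
OID_COMMON_NAME = "2.5.4.3"


def _length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def integer(value: int) -> bytes:
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # pad so a positive value is not read as negative
        body = b"\x00" + body
    return tlv(0x02, body)


def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:  # base-128, continuation bit on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def bit_string(data: bytes) -> bytes:
    return tlv(0x03, b"\x00" + data)  # leading byte: number of unused bits (0)


def name_cn(common_name: str) -> bytes:
    """Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue (CN only here)."""
    attr = seq(oid(OID_COMMON_NAME), tlv(0x0C, common_name.encode("utf-8")))
    return seq(tlv(0x31, attr))


def rsa_spki(modulus: int, exponent: int) -> bytes:
    """SubjectPublicKeyInfo: rsaEncryption AlgorithmIdentifier + RSAPublicKey in a BIT STRING."""
    alg = seq(oid(OID_RSA_ENCRYPTION), tlv(0x05, b""))
    return seq(alg, bit_string(seq(integer(modulus), integer(exponent))))


def build_self_signed_cert(common_name, modulus, exponent, serial, not_before, not_after, sign):
    """Return (tbs_der, certificate_der). `sign(tbs) -> bytes` must be the raw output of
    C_Sign with CKM_SHA256_RSA_PKCS (the mechanism hashes and pads internally).
    not_before / not_after are UTCTime strings, e.g. '240101000000Z'."""
    sig_alg = seq(oid(OID_SHA256_WITH_RSA), tlv(0x05, b""))
    tbs = seq(
        tlv(0xA0, integer(2)),  # [0] EXPLICIT version v3
        integer(serial),
        sig_alg,
        name_cn(common_name),  # issuer == subject for a self-signed certificate
        seq(tlv(0x17, not_before.encode()), tlv(0x17, not_after.encode())),
        name_cn(common_name),
        rsa_spki(modulus, exponent),
    )
    return tbs, seq(tbs, sig_alg, bit_string(sign(tbs)))


def to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def outer_length_matches(der: bytes) -> bool:
    """Sanity check: decode the outermost SEQUENCE length and compare with the buffer."""
    first = der[1]
    if first < 0x80:
        return first == len(der) - 2
    k = first & 0x7F
    return int.from_bytes(der[2:2 + k], "big") == len(der) - 2 - k


def demo_sign(tbs: bytes) -> bytes:
    """Constructed stand-in, NOT a signature. Replace with the HSM call, e.g. pycryptoki's
    c_sign(session, private_handle, tbs, CKM_SHA256_RSA_PKCS) (assumed API)."""
    return hashlib.sha256(tbs).digest()


if __name__ == "__main__":
    # Constructed modulus; a real one is CKA_MODULUS read from the public key handle.
    n = int.from_bytes(bytes(range(1, 65)), "big")
    _, der = build_self_signed_cert("example-client", n, 65537, 1,
                                    "240101000000Z", "250101000000Z", demo_sign)
    print(to_pem(der))
```

Every OID, tag and wrapper here has to be right for a client to accept the file, which is exactly why the answer above steers you to cmu, where selfsigncertificate and export do all of this on the HSM side.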