Open commjoen opened 5 years ago
I would be interested in learning about that implementation!
I've seen some implementations which allow the private key to stay in the HSM and the certificate to stay local. In general, there are no issues here. Of course, I haven't seen your particular implementation. Has it been performing well? Did you hit any problems along the way? Are you using a particular TLS library?
In order to keep the client-side TLS private key in the Cavium keystore, we made a wrapperkeystore in which we keep the certificate, so that we can actually use it to do client-side TLS. Are there actual issues with picking up client-side TLS authentication by the Cavium HSM?