User guide

SSL Libraries Used with the Certificate/Key Management Environment

8-5

Figure 8-2 Relationship between Slot, Token and Private Key

The slot password is needed for operations processing slot information, and the SO-PIN or user PIN is

needed for operations processing token information. These passwords and PINs are set when the slot is

generated or when the token is generated, respectively. The SO-PIN is set and is not used in normal

operation.

The user PIN refers to the information required when accessing the private key in the token (when

generating a private key using the cmmakecsr command or registering a private key using the cmenterkey

command). Because a user PIN exists for each token, multiple pieces of private key information can be

accessed with one user PIN if multiple private keys are registered in one token.

Table 8-2 lists the relationships between password and PIN with respect to slot and token.

Table 8-2 Relationships between Password and PIN

Type Number of pieces Major applications

Slot-password 1 for a slot Generating a token

SO-PIN 1 for a token -

User PIN 1 for a token Accessing a private key(cmmakecsr,cmenterkey)

Environment Setting for Certificate/Key Management Environment

Set up the environment according to the following procedure:

1. Create a certificate/key management environment.

− Create management directories.

− Create and set up a key management environment.

− Create a certificate/CRL management environment.

2. Create a private key and acquire a certificate.

− Create a CSR (Certificate Signing Request) (create a private key at the same time.).

− Make a request to issue a certificate.

− Acquire a certificate.