Writing certificate back to HSM

jimmypw · jimmypw · commit 52238a8e0725 · 2019-05-20T11:24:38.000+01:00
diff --git a/ca/opt/ca/sbin/initca b/ca/opt/ca/sbin/initca
@@ -13,10 +13,10 @@ pkcs11-tool \
     --module "${PKCS11MODULE}" \
     --token "${TOKENLABEL}" \
     -l \
-    --pin "${CHALLENGEPW}" \
+    # --pin "${CHALLENGEPW}" \
     -k \
     --key-type "rsa:${CAKEYSIZE}" \
-    -a "${CAKEYNAME}" \
+    -a "${CAKEYNAME}" 
 
 openssl req \
     -new \
@@ -49,10 +49,20 @@ if [ ! -d "${CASIGNEDCERTS}" ]; then
 	mkdir "${CASIGNEDCERTS}"
 fi
 
+echo "Writing certificate back to HSM"
+pkcs11-tool \
+    --module "${PKCS11MODULE}" \
+    --token "${TOKENLABEL}" \
+    -l \
+    -w "${CACERTDER}" \
+    -y cert \
+    -a "${CAKEYNAME}" 
+
 touch "${CALOCK}"
 echo
 echo "Sha2Wordlist for ${CACERTPEM}"
 sha2wordlist ${CACERTPEM}
 echo
 echo "Sha2Wordlist for ${CACERTDER}"
 sha2wordlist ${CACERTDER}
+
