openssl pki hardware-security-module

Create a certificate and CSR from public key exported from HSM


Based on some guidance from a consultant, I am trying to implement a PKI with an HSM. I have successfully created an asymmetric pair inside the HSM and exported the public key to a file.

From there I am supposed to use this public key to create a certificate and CSR that I will submit back to my HSM for signing with the sealed private key. This is where I am stuck.

Preferably using OpenSSL, how do I achieve this? I've been all through the "openssl req" and "openssl x509" commands and I can't seem to figure out how I am to ultimately generate any Certificate or CSR associated with this public key.

openssl-x509 -new -force_pubkey looked promising to make a cert, but the command requires private keys which doesn't make sense to me. The private key to sign the thing is locked in the HSM for signing later.

openssl-req is what I need to ultimately create the CSR but there is nothing in this API to associate this existing public key or certificate to the request.

I feel I've either hit some limitation of the OpenSSL CLI, or I'm lacking some major bit of knowledge about how I'm supposed to cobble the CSR together for signing by the HSM.


Solution

  • You generally access the HSM via its PKCS#11 interface. OpenSSL provides the engine or provider interface for this.

    You would use something like the following to create a self-signed certificate:

    $ openssl req -new -x509 -days 365 -subj '/CN=My CA/' -sha256 \
        -config engine.conf -engine pkcs11 -keyform engine \
        -key slot_0-label_my_key -out cert.pem

    Note that the value used for the -key option will depend on your HSM. A search engine will help you there.

    If you're running this on Linux, you will likely need to install the OpenSSL pkcs11 engine (libengine-pkcs11-openssl on Debian/Ubuntu and variants).


    As an aside, I hope your consultant pointed out that OpenSSL isn't meant for operating a real certification authority. The man page for openssl-ca even has a warning to that effect. In addition to the warning about the lack of locking on the database file, using OpenSSL provides no auditable trace of events, nor does it provide role separation. This is fine in a lab environment, but not if you're trying to create a trustworthy PKI system.
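
An added example, not part of the original question or answer: a CSR carries a self-signature made with the private key, which is why `openssl req` needs access to the key rather than just the exported public key. The sketch below builds a CSR and then checks that it verifies and is bound to the exported public key. It assumes a software EC key as a stand-in for the HSM-resident key so it runs offline; the function and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: a software EC key stands in for the HSM-resident key so this runs offline.
# Against a real HSM only the key-access options of `openssl req` change, as in the
# answer above: -engine pkcs11 -keyform engine -key <HSM-specific key id>

# csr_matches_pubkey CSR.pem PUBKEY.pem
# Succeeds only if the CSR's self-signature verifies (proof of possession of the
# private key) and the key embedded in the CSR equals the exported public key.
csr_matches_pubkey() {
    local csr="$1" pub="$2" from_csr exported
    # Match on the message text: some OpenSSL releases report a failed check only there.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # Re-encode both keys through `openssl pkey` so the PEM text is comparable.
    from_csr=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null \
               | openssl pkey -pubin 2>/dev/null) || return 1
    exported=$(openssl pkey -pubin -in "$pub" 2>/dev/null) || return 1
    [ "$from_csr" = "$exported" ]
}

# make_demo_files DIR: constructed sample material (hypothetical file names).
make_demo_files() {
    local d="$1"
    # Stand-in for "key pair created in the HSM, public key exported to a file".
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$d/standin_hsm.key" 2>/dev/null || return 1
    openssl pkey -in "$d/standin_hsm.key" -pubout -out "$d/exported_pub.pem" || return 1
    # The request is signed with the private key, so `openssl req` must be able to
    # reach that key; the matching public key is embedded automatically.
    openssl req -new -sha256 -subj '/CN=My CA/' \
        -key "$d/standin_hsm.key" -out "$d/request.csr" 2>/dev/null || return 1
    # An unrelated public key, to show the mismatch case.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 2>/dev/null \
        | openssl pkey -pubout -out "$d/other_pub.pem" 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_demo_files "$d" || return 1
    csr_matches_pubkey "$d/request.csr" "$d/exported_pub.pem" && echo "exported key: match"
    csr_matches_pubkey "$d/request.csr" "$d/other_pub.pem"    || echo "other key: no match"
    rm -rf "$d"
}
```

Source the file and run `demo` to see both outcomes.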