I am currently using a LUNA HSM for storing the keys of a few CAs and FIM CM Agents certificates. For each certificate that have its private key stored on the HSM the "Signature Test passed" is not shown as a result of the certutil -store My command. Instead I get the following message Provider = Luna Cryptographic Services for Microsoft Windows Private key is NOT exportable ERROR: Could not verify certificate public key against private key CertUtil: -store command completed successfully. Is that a normal behavior or there is something wrong? Should I ask SafeNet support instead?andresz

I am more familiar with Thales/nCipher HSMs, but here is some related information. 1) I would use the following commands for each FIM CM agent account certutil -verifystore -user my For the FIM CM Agent and the FIM CM KRAgent, the test hould not report any errors For the FIM CM Enrollment Agent, you will see Error: Could not verify certificate public key against private key. The product group is aware of this issue with certutil. 2) For the CAs, run certutil -verifystore my You should not see any errors when validating a CA certificate HTH, Brian