Signature Test not shown when using HSM
I am currently using a LUNA HSM for storing the keys of a few CAs and FIM CM Agents certificates. For each certificate that has its private key stored on the HSM, "Signature Test passed" is not shown as a result of the certutil -store My command.
Instead I get the following message:
Provider = Luna Cryptographic Services for Microsoft Windows
Private key is NOT exportable
ERROR: Could not verify certificate public key against private key
CertUtil: -store command completed successfully.
Is that normal behavior or is there something wrong? Should I ask SafeNet support instead?
andresz
January 6th, 2012 12:15pm
I am more familiar with Thales/nCipher HSMs, but here is some related information.
1) I would use the following commands for each FIM CM agent account
certutil -verifystore -user my
For the FIM CM Agent and the FIM CM KRAgent, the test should not report any errors.
For the FIM CM Enrollment Agent, you will see Error: Could not verify certificate public key against private key. The product group is aware of this issue with certutil.
2) For the CAs, run certutil -verifystore my
You should not see any errors when validating a CA certificate
HTH,
Brian
January 6th, 2012 5:45pm
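To compare the per-certificate results against the expectations in the reply above when a store holds many certificates, the certutil output can be split per entry and each entry classified by its key-check line. This is an added example, not part of the original thread; the function name Get-CertutilKeyCheck, the subjects and the sample output are constructed, and the banner and message strings are assumed to match what certutil prints on the host.

```powershell
# Added example: classify each certificate in certutil store output by its
# private-key check result. The sample text is constructed; on a real host use
#   $text = (certutil -verifystore my) -join "`n"
function Get-CertutilKeyCheck {
    param([Parameter(Mandatory)][string]$Text)

    # certutil starts every entry with a "==== Certificate N ====" banner.
    # The first split element is the store header, so skip it.
    $blocks = [regex]::Split($Text, '(?m)^=+ Certificate \d+ =+\s*$') |
        Select-Object -Skip 1

    foreach ($block in $blocks) {
        $subject = '(unknown)'
        if ($block -match '(?m)^Subject:\s*(.+)$') { $subject = $Matches[1].Trim() }

        $provider = '(none)'
        if ($block -match '(?m)^\s*Provider = (.+)$') { $provider = $Matches[1].Trim() }

        # Three outcomes: test passed, explicit verification error, or no
        # private-key test reported at all (certificate without a key).
        if ($block -match '(?i)Signature test passed') {
            $status = 'Passed'
        } elseif ($block -match 'Could not verify certificate public key against private key') {
            $status = 'CouldNotVerify'
        } else {
            $status = 'NoKeyTest'
        }

        [pscustomobject]@{ Subject = $subject; Provider = $provider; KeyCheck = $status }
    }
}

# Constructed sample output (subjects are placeholders, not from the thread).
$sample = @'
My "Personal"
================ Certificate 0 ================
Subject: CN=Constructed Sample CA
  Provider = Microsoft Software Key Storage Provider
Signature test passed
================ Certificate 1 ================
Subject: CN=Constructed Sample Agent
  Provider = Luna Cryptographic Services for Microsoft Windows
Private key is NOT exportable
ERROR: Could not verify certificate public key against private key
CertUtil: -store command completed successfully.
'@

Get-CertutilKeyCheck -Text $sample | Format-Table -AutoSize
```

Any entry reported as CouldNotVerify that is not the FIM CM Enrollment Agent certificate is the case worth raising with the HSM vendor.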