Checking PKCS11 HSM Functionality
ADSS Server contains a test utility called "test_pkcs11" that performs a full interoperability test on a PKCS#11 device. This is useful for confirming that an HSM, smartcard or a crypto USB token can be controlled properly on a given platform using the current firmware and device driver software. The test utility executes a number of test cases that covers all the operations that can be performed by ADSS Server. A detailed report is generated that can be used to analyse any faults. Some issues may be expected if certain algorithms are not supported.
To run the "test_pkcs11" utility follow these steps:
Windows OS
test_pkcs11.bat [PKCS#11 Friendly Name] [PKCS#11 Module] [PKCS#11 Slot] [PKCS#11 Slot PIN] [FIPS Mode true or false] [Local Path for PKCS#11 Log File] [Logging Level INFO or DEBUG] [HSM Vendor UTIMACO or THALES or SAFENET]
For example:
test_pkcs11.bat aladdin etpkcs11.dll 0 password false C:\Testing\pkcs11.log DEBUG UTIMACO
If ADSS Server version is older than v5.9 then do not use the parameter [HSM Vendor UTIMACO or THALES or SAFENET]
UNIX OS
./test_pkcs11.sh [PKCS#11 Friendly Name] [PKCS#11 Module] [PKCS#11 Slot] [PKCS#11 Slot PIN] [FIPS Mode true or false] [Local Path for PKCS#11 Log File] [Logging Level INFO or DEBUG] [HSM Vendor UTIMACO or THALES or SAFENET]For example:
./test_pkcs11.sh aladdin libeTPkcs11.so 0 password false /home/adss-test/pkcs11.log DEBUG UTIMACO