Entrust nShield Connect

Since the keys are already in place, we merely need to build the configuration file that the key server will read on startup. In this example the device contains a single RSA key pair.

We ask pkcs11-tool (provided by the opensc package) to display the objects stored in the token:

The key piece of information is the label of the object, rsa-privkey. Open up /etc/keyless/gokeyless.yaml and immediately after

add

Save the config file, restart gokeyless, and verify it started successfully.