How to register multiple CloudHSM Windows clients with CloudHSM

0

I installed the CloudHSM Windows client and was able to create a CSR on it. The CSR was sent to DigiCert to sign. After receiving the CRT from DigiCert, files can be signed successfully using signtool.exe on this Windows client. We are trying to bring one more Windows client online to sign. We installed the CloudHSM Windows client on it and ran the commands below without issues:

.\configure.exe -a <HSM IP>

.\tools\set_cloudhsm_credentials.exe --username <CU user> --password <password>

Get-Service -Name AWSCloudHSMClient | Format-Table DisplayName,Status -AutoSize

But it failed at "certreq -accept <CA cert>" with the error "Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)".

I understand it failed because the CSR was not generated on this machine, but how do I register it with the CloudHSM CU so it can use the same private key to sign exe files?

Please help. Thanks!

  • @rePost-User-7672835 Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)

Asked 1 year ago, viewed 329 times
1 answer
1

https://docs.aws.amazon.com/cloudhsm/latest/userguide/cmu-install-and-configure-client-win.html just for other folks to see.

Certreq was unable to find the related request object. This is typically within the Certificate Enrollment Request (CER) node certificate store.

Run certutil -dump file.req to dump the request file and inspect the contents; it should contain a public key. Then run certutil -dump cert.cer to dump the issued certificate. Compare the keys.

Do this for each object within the Certificate Enrollment Request(s) (CER) (focused on Local Machine context) to find request object with matching public key. I admit I had to go back and do some searching on this myself, but this should be what you are looking for. Best of luck!

D G
Answered 1 year ago
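The comparison described in the answer above, as an added PowerShell example that is not part of the original answer or of the AWS CloudHSM documentation: it loads the CA-issued certificate, enumerates the Certificate Enrollment Requests store (internal store name REQUEST, Local Machine context by default) and flags the request entry whose public key matches the certificate. The function name and the certificate path are assumptions; run it in an elevated PowerShell session on the machine that created the CSR.

```powershell
# Added example, not from the original answer: find the pending request object in the
# Certificate Enrollment Requests store (internal name REQUEST) whose public key matches
# the CA-issued certificate. Function name and certificate path are assumptions.
function Find-MatchingEnrollmentRequest {
    param(
        [Parameter(Mandatory)] [string] $IssuedCertPath,
        [ValidateSet('LocalMachine', 'CurrentUser')] [string] $Location = 'LocalMachine'
    )

    # Load the issued certificate and take its public key as a hex string
    $issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ($IssuedCertPath)
    $issuedKey = $issued.GetPublicKeyString()

    # Open the Certificate Enrollment Requests store read-only in the requested context
    $storeLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]::$Location
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store ('REQUEST', $storeLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        foreach ($req in $store.Certificates) {
            # Each entry is a placeholder certificate carrying the request's public key;
            # HasPrivateKey tells whether a key association (e.g. a KSP key) is recorded for it
            [pscustomobject]@{
                Subject        = $req.Subject
                Thumbprint     = $req.Thumbprint
                HasPrivateKey  = $req.HasPrivateKey
                KeyMatchesCert = ($req.GetPublicKeyString() -eq $issuedKey)
            }
        }
    }
    finally {
        $store.Close()
    }
}

# Usage (placeholder path): list every pending request, flagging the one whose key
# matches the issued certificate. If no row shows KeyMatchesCert = True, the request
# was not generated on this machine or in this store context, which is the condition
# under which certreq -accept reports CRYPT_E_NOT_FOUND.
Find-MatchingEnrollmentRequest -IssuedCertPath 'C:\certs\issued.cer' | Format-Table -AutoSize
```

Pass -Location CurrentUser to repeat the search in the user store if the CSR was created without the machine context. The check is deliberately read-only: it only tells you which store holds the request the issued certificate belongs to.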
  • What do you do once you have found the matching Certificate Enrollment Request? Should it be enough to export it and then import it into the machine where the "certreq -accept" command failed? We have a similar situation and tried this, but we still get the "Cannot find object or property" error.
