Re: Peer failed getting private key from HSM
Brett T Logan <brett.t.logan@...>
Are you setting up the peer and orderer to communicate with the external CA's HSM?
Did you generate the CSR yourself, and thus you have the private key and you provided it to them for import, or did the external CA provider generate everything and they fully own the private key? BCCSP doesn't use the SKI extension of the cert; it computes its own SKI by doing a SHA256 over the private key, and the corresponding public signing cert is named with this SKI (SHA256) of the private key. If you had the private key (or access to it via PKCS11), you could perform the same operation BCCSP does to compute the SHA256 SKI.
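The SKI computation discussed in the message above, as an added example that is not part of the original message and not Fabric's own code. It assumes an ECDSA P-256 key and that the SHA-256 input is the uncompressed public point of the key pair, as in Fabric's software BCCSP; the key, the certificate and its SKI extension value are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// fabricSKI returns SHA-256 over the uncompressed EC point (0x04 || X || Y).
// Assumption: this mirrors the software BCCSP's SKI for ECDSA keys.
func fabricSKI(pub *ecdsa.PublicKey) []byte {
	sum := sha256.Sum256(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
	return sum[:]
}

// demo issues a constructed self-signed cert whose SKI extension was chosen by the "CA".
func demo() (fromKey, fromCert, certExt []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "peer0.example.com"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		SubjectKeyId: []byte{0xde, 0xad, 0xbe, 0xef}, // CA-assigned SKI extension
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, nil, err
	}
	return fabricSKI(&priv.PublicKey), fabricSKI(cert.PublicKey.(*ecdsa.PublicKey)), cert.SubjectKeyId, nil
}

func main() {
	k, c, ext, err := demo()
	fmt.Printf("SKI from key:  %x\nSKI from cert: %x\nX.509 SKI ext: %x\nerr: %v\n", k, c, ext, err)
}
```

The first two values match each other and differ from the extension value, so a key lookup that uses the certificate's SKI extension would not find the key.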