Firefox example
Configuration
Note
Remember to close and open your browser to ensure that it loads the new environment variables.
-
Open the menu and click on Options.
Firefox menu screen. -
Select Privacy and Security and click on Security devices.
Firefox options screen. -
Click on Load and enter:
- a name for the module (e.g:
Dinamo) - the path of the PKCS#11 library Dinamo
Loading screen. - Then click OK and then OK again.
- a name for the module (e.g:
-
-
Click on View certificates, select the Your certificates tab. If there are keys/certificates properly installed in the HSM, they will appear here.
If you want to import a new certificate, you can do so via Firefox itself, just click Import, select the file in PKCS#12 format (.pfx) and click OK.
Firefox options screen.
Once imported, your certificate can be used in Firefox.
Key Import
There are several ways to import a key/certificate pair. One is via the remote console (hsmcon).
-
Open
hsmconby entering your user id and password. You can run hsmcon from the command prompt (just typehsmconand press ENTER) or from the start menu.Backup and restore operationDinamo - Remote Management Console v. 4.13.0.0 2018 (c) Dinamo Networks HSM 127.0.0.1 e - Engine 5.3.0.0 (DXP) - TCA0000000 - ID master Main Menu Keys/Objects Users HSM 1 - Generate... 17 - Create 33 - Info 2 - Remove 18 - Remove 34 - Logs... 3 - Attributes 19 - List 35 - Backup... 4 - Import... 20 - Attributes 36 - Monitoring... 5 - Export... 21 - Trust Relations 37 - Firmware Update 6 - List 22 - Password Policy 38 - Replication... 7 - Permissions... 23 - My Password 39 - IP Filter... 8 - Key Backup... 40 - Telemetry 41 - Policies 42 - Tools... 43 - SPB... 44 - EFT... 45 - EFT Direct 46 - Safe Keeping... 47 - Blockchain... 0 - Exit Option: -
Select the option -
Import...,Asymmetric Keysand thenPKCS#12.- Choose the PKCS#12 (.pfx) file containing the key/certificate you want to import;
- Enter the password for the file (.pfx);
- Select whether the private key is exportable or not;
- Choose the name of the private key;
- Choose the name of the certificate;
- Choose the name of the public key;
The name of an object (private key, public key, certificate, etc.) in HSM can contain up to 32 alphanumeric characters or an underscore (_).
Backup and restore operationDinamo - Remote Management Console v. 4.13.0.0 2018 (c) Dinamo Networks HSM 127.0.0.1 e - Engine 5.3.0.0 (DXP) - TCA0000000 - ID master Keys/Objects - Import - Asymmetric Keys - PKCS#12 File (local) : c:lab.pfx Private key password : ******** Exportable (y/[n]):y Private key name : lab X.509 certificate name (HSM) : lab_cert Public key name (ENTER for none) : lab_pub File loaded successfully. Press ENTER key to continue...
Done! Your key is installed and ready to use.
Use
If your certificate is a valid ICP-Brasil certificate, you can use it to access, for example, the Receita Federal Service Portal, e-Cac. When you open Firefox on the e-Cac website, a screen will appear where you select the desired certificate and click OK to access the protected site.
