See below for instructions on running the Profile Creation Utility to create an administrator profile on HSM. 

To create a profile on HSM with the Profile Creation Utility

  1. Run the CA Gateway Profile Creation Utility. 
    • Run bin/pcu.sh on Linux.
    • Run bin\pcu.bat on Windows.
  2. Confirm you are on the main menu of the PCU. 
    Main Menu
    1. Exit
    2. Help
    3. Create Entrust profile
    4. Recover Entrust profile
    5. Inspect Entrust profile (read only)
    6. Inspect and update Entrust profile (read/write)
    7. Create Server Login credentials
    8. Create PKCS #12 file (Security Manager)
    9. Recover PKCS #12 file (Security Manager)
    10. Create PKCS #12 file (3rd Party)
    11. Update PKCS #12 file (3rdParty)
    12. Process PKCS #10 Certificate Signing Request (CSR)
    13. Generate/Process Certificate Signing Request on HSM (3rd Party) 14. Change password
    Select an operation [3]:
  3. Select option 3 for Create Entrust profile.
  4. Select option 2 for Hardware token.
  5. In Take settings from an existing <config>.ini file (y/n)?, enter y for yes.
  6. In Enter full path to entrust.ini, enter the path of the file edited when Setting the PKCS#11 library path.
  7. In Enter token slot number, enter the slot number of the desired slot. 

    We recommend creating the enrollment agent credentials in a PKCS#11 HSM.

  8. In Enter reference number, enter the reference number obtained when Creating a user entry for the administrator profile.
  9. In Enter authorization code, enter the authorization code obtained when Creating a user entry for the administrator profile.
  10. In Enter profile name, enter a file name for the auxiliary profile file. 
  11. In Enter auxiliary profile directory, enter the directory for the auxiliary profile file. The name of this file is the name previously entered in Enter profile name.
  12. In Enter hardware token password,  enter the password of the HSM slot. 

    Use different passwords for users in different slots. That can help prevent accidentally overwriting a slot already used by another user.