1. Overview This HowTo describes how to configure Rsignd service (PKI service) of WebADM on a PKCS11 cryptographic hardware security module (HSM). The objective is to involve the HSM for all CA signing operations and to increase the protection of the private key. This configuration is probably the most secure setup for a PKI service because the logical and physical access to the HSM is limited to one or few persons in a company.

Product Documentation This document is an installation guide for WebADM Server in standalone and high availability mode. WebADM server is the main component to install and deploy OpenOTP in your environment. WebADM usage manual is not covered by this guide and is documented in the RCDevs WebADM Administrator Guide. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as Domain Users and Groups.

1. Overview RCDevs’ suite offers a public key infrastructure service and that functionality is mandatory for the proper functioning of RCDevs solutions. The default setup is to make WebADM/Rsignd a standalone CA. In that scenario, you just need to follow the default WebADM setup. For customers which already have a CA in place and running, you can configure WebADM as a subordinate CA. This document will present you with how to configure WebADM as a subordinate certificate authority of your enterprise certificate authority.