证书问题

此错误消息通常表示您作为CU用户连接到CloudHSM集群的凭据不正确:

• 确保您使用CU用户(Crypto user)而不是CO (Crypto Officer)用户(更多关于AWS CloudHSM用户管理)登录
• 确保您的凭据是正确的(打字错误，复制/粘贴问题，额外的字符)。

另外，如果遇到以下错误，这通常意味着您没有设置clouddhsm凭据(见下文)

n3fips_password env variable not set>
Cfm2Shutdown: Application is not initialized

Tl;dr:设置凭据以使用使用Windows SDK工具的CloudHSM集群:

& "C:Program FilesAmazonCloudHSMtoolsset_cloudhsm_credentials.exe" --username test_cu_user --password xxx
# Securely input the username and password: 
${hsm_creds_user} = Read-Host -AsSecureString "hsm_creds_user"
${hsm_creds_password} = Read-Host -AsSecureString "hsm_creds_password"
# Convert from SecureString to String
$hsm_cu_user = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_user))
$hsm_cu_pwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hsm_creds_password))
# 
& "C:Program FilesAmazonCloudHSMtoolsset_cloudhsm_credentials.exe" --username ${hsm_cu_user} --password ${hsm_cu_pwd}

您现在可以使用certreq或signtool。

源:

• 使用Microsoft SignTool与AWS CloudHSM签名文件
• 安装和配置AWS CloudHSM客户端(Windows)