Create Code Signing key pairs and certificates
Create two key pairs and signed certificates to establish trust between your protected and trusted instances.
To establish trust between your instances, you must create a key pair and certificate for each of the cm_code_attest and cm_code_signing cryptographic modules.
Creating key pairs and certificates is done using a cryptographic tool installed on your local device, such as the OpenSSL tool. For more information on this tool, see https://www.openssl.org. If your organization uses other cryptographic tools, such as LibreSSL or GnuTLS, refer to the documentation for those products for similar steps.
Key pair specifications
The key pairs you create must meet these requirements.
| Type | RSA |
| Key length | 4096 |
| Signing algorithm | RSASSA_PKCS1_V1_5_SHA_512 |
Certificate specifications
Certificates must be signed by a public certificate authority.
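
The following OpenSSL commands are an added example, not part of the original documentation. They generate a key pair and a certificate signing request (CSR) for each of the two modules and check that each CSR meets the key pair specifications above before it is submitted to a public certificate authority. The output directory, file names, and subject fields are placeholder assumptions.

```shell
#!/bin/sh
# Added example: one RSA-4096 key pair and SHA-512 CSR per module.
# Assumptions: OUT_DIR, the file names and the subject DN are placeholders.

MODULES="cm_code_attest cm_code_signing"   # module names from the page
OUT_DIR=${OUT_DIR:-./code-signing-keys}

# make_key_and_csr DIR MODULE -> writes DIR/MODULE.key and DIR/MODULE.csr
make_key_and_csr() {
    d=$1; m=$2
    (
        umask 077   # private key is written unencrypted: owner-only access
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
            -out "$d/$m.key" 2>/dev/null
    ) || return 1
    # -sha512 with an RSA key yields an RSASSA-PKCS1-v1_5 / SHA-512 signature
    openssl req -new -sha512 -key "$d/$m.key" \
        -subj "/O=Example Org/CN=$m.example.com" \
        -out "$d/$m.csr"
}

# check_csr FILE -> succeeds only if the CSR self-signature verifies,
# the public key is 4096-bit RSA and the signature uses SHA-512.
check_csr() {
    out=$(openssl req -in "$1" -noout -text -verify 2>&1) || return 1
    printf '%s\n' "$out" | grep -q 'verify OK' &&
    printf '%s\n' "$out" | grep -q 'Public-Key: (4096 bit)' &&
    printf '%s\n' "$out" | grep -q 'Signature Algorithm: sha512WithRSAEncryption'
}

mkdir -p "$OUT_DIR"
for mod in $MODULES; do
    if make_key_and_csr "$OUT_DIR" "$mod" && check_csr "$OUT_DIR/$mod.csr"; then
        echo "$mod: CSR ready at $OUT_DIR/$mod.csr"
    else
        echo "$mod: key or CSR does not meet the specification" >&2
        exit 1
    fi
done
```

Only the .csr files are sent to the certificate authority; the .key files stay on the local device.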