- Make sure that the token already includes a suitable certificate and that the PKCS #11 provider configuration files and user PIN files exist as described in Performing initial preparation for PCKS #11 support in PingDirectory Server.
- Make sure that the trust store has the appropriate trust information for the
certificate in the PKCS #11 token. If that certificate is signed by an authority
in the Java virtual machine (JVM)’s default set of trusted issuers, or if it’s
signed by the same private internal authority as the certificate in the current
file-based key store, then you can skip this.
But if the certificate in the PKCS #11 token is self-signed, or if it's signed by an authority that the server isn't currently configured to trust, then you must update the trust store with the necessary certificates.