1

Does anybody know a CA company which allows me to put the bought CA certificate inside SoftHSM (the same as an HSM but without any hardware, it is pure software)?

Is it hard to work with the PKCS11 interface? I have a Java application which will sign documents. But I need to communicate through the PKCS11 interface. Anybody had any experience with it before? Is there any tutorial on this?

Matthew
RobinHo

1 Answer

0

No, I doubt that any serious CA company could allow you to operate a CA key outside a real HSM. Additionally, it is more than likely that completing a successful third-party audit of your PKI, from a technical and operational point of view, must also be a mandatory requirement.

Oracle provides a PKCS#11 Cryptographic Provider for the Java Cryptographic API. However, I never used this provider for a serious purpose. You can find the official documentation here. This provider is part of the standard Java distribution.

Note that some HSM vendors may also ship a dedicated Java API with their HSM which better fits their product features than the PKCS#11 API. I know that Thales nCipher HSM has such a library.

Jcs
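A sketch of document signing through the PKCS#11 provider mentioned in the answer above, added here as an example and not part of the original question or answer. It assumes Java 9 or later, a SoftHSM 2 module at the path shown (this varies by distribution), an initialised token in the first slot, and an RSA key with a certificate stored under the hypothetical alias `doc-signing-key`.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Arrays;

public class Pkcs11SignExample {
    // Assumptions: module path, slot index and key alias are placeholders for your setup.
    static final String CONFIG = "--name = SoftHSM\n"
            + "library = /usr/lib/softhsm/libsofthsm2.so\n"
            + "slotListIndex = 0\n";
    static final String KEY_ALIAS = "doc-signing-key"; // hypothetical label

    public static void main(String[] args) throws Exception {
        // Configure the bundled SunPKCS11 provider; the "--" prefix means inline config.
        Provider p11 = Security.getProvider("SunPKCS11").configure(CONFIG);
        Security.addProvider(p11);
        Console console = System.console();
        if (console == null)
            throw new IllegalStateException("run from a terminal to enter the PIN");
        // Prompt for the PIN instead of hard-coding it in source or config.
        char[] pin = console.readPassword("Token user PIN: ");
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p11);
            ks.load(null, pin); // logs in to the token
            // The returned object is only a handle; the private key stays in the token.
            PrivateKey key = (PrivateKey) ks.getKey(KEY_ALIAS, null);
            Certificate cert = ks.getCertificate(KEY_ALIAS);
            if (key == null || cert == null)
                throw new IllegalStateException("no key/certificate under " + KEY_ALIAS);

            byte[] document = "constructed sample document".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance("SHA256withRSA", p11);
            signer.initSign(key);
            signer.update(document);
            byte[] sig = signer.sign(); // computed inside the token
            // Verify in software with the public key from the certificate.
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(cert.getPublicKey());
            verifier.update(document);
            System.out.println("verifies: " + verifier.verify(sig));
        } finally {
            Arrays.fill(pin, '\0'); // do not leave the PIN in memory
        }
    }
}
```

Moving from SoftHSM to a hardware HSM should only require changing the `library` path and slot settings, since the application talks to the PKCS#11 module through the same provider.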