Zymkey can be used as part of the client side TLS transaction against a server that is configured for mutual authentication.
A CSR can be generated using Zymkey. This CSR can be used to generate a certificate from a preferred Certificate Authority or CA (for example: GoDaddy, Comodo or Verisign) or against your own self signed root CA.
To generate a CSR with one of Zymkey’s key slots, simply type the following OpenSSL commands on your Raspberry Pi:
touch bogus.key openssl req -key bogus.key -new -out myClientCert.csr -engine zymkey_ssl -keyform e
touch command is needed because, even though we’re using a key slot located in the Zymkey, openssl wants a placeholder file for the key.
After answering the questions (Country Name, State or Province, etc.) you should have your certificate signing request (myClientCert.csr) that you can present to your preferred CA for certificate generation.