freebsd security - Sep 2015 - SmartCards/Tokens recommended for TLS CA under FreeBSD

Dear colleagues,

what vendors/models could you recomment to implement enterprize 2-level CA?

We used Aladdin Pro (non-Java), but they are long gone, and I could not 
reimplement sign tree with sha256 after a dozen of experiments.

sha1 and 2k keys is a must, sha256 is almost a must, and 4k/ellyplic 
would be feasible.

Thanks in advance.

-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------

Dmitry Morozovsky <marck at rinet.ru> writes:
> We used Aladdin Pro (non-Java), but they are long gone, and I could not 
> reimplement sign tree with sha256 after a dozen of experiments.
Aladdin was acquired by SafeNet who have a range of PKI smart cards.  I
think the SC650 might meet your requirements.  It is possible that they
still sell the cards you used under a different name.

DES
-- 
Dag-Erling Sm?rgrav - des at des.no