If a key is generated from a key template (that was previously imported through a statedump), the crypto token will be rendered useless by having all of its properties set to null (i.e. slot reference type, slot reference, path to PKCS#11 library).
1. Create a statedump that contains a single crypto token with a single key (type PKCS#11).
2. Load the statedump into separate instance of EJBCA (PKCS#11 slot with same configuration must be available on the HSM/emulator).
3. Activate the crypto token.
4. Click on the crypto token, and click on the 'Generate' button for the key template (the one marked with '(Not generated)').
5. Restart JBoss.
6. Try to access the crypto token information by going to crypto token page.
1. The crypto token still has its old configuration, and it's possible to activate it.
1. The crypto token has been rendered useless since it has wrong configuration.
2. Crypto token's type is preserved, but library is empty, reference type is 'CRYPTOTOKEN_LABEL_TYPE_null', and reference is empty.
When listing the crypto token information from CLI (ejbca.sh cryptotoken list), the following output is visible for it:
"UtopiaRootCA" (-112570172) PKCS11CryptoToken, offline, manual, library=, Slot Label=null, Slot Label Type=null, attributes=
Furthermore, if the crypto token is changed in some way (let's say enable/disable auto activation) before JBoss restart, all will be good.