[Pki-users] Utimaco HSM "Not Found" problem

Arshad Noor arshad.noor at strongauth.com
Fri Apr 16 01:49:46 UTC 2010 

So, how did you resolve this, Mike?  Or, is it still unresolved?
Thanks.

Arshad Noor
StrongAuth, Inc.

Michael StJohns wrote:
> Sorry - after I sent my earlier email I realized you probably 
> encountered the same problem I did.
> 
> I need to report the bug to Utimaco/Sophos, but the driver on the 2.01 
> disk for Linux appears to have problems finding the configuration file 
> in the standard locations.  I'm not sure exactly what the problem is.  
> You can duplicate this by clearing the CS2_PKCS11_INI environment 
> variable, placing the cs2_pkcs11.ini file in one of the standard 
> locations  - e.g. /usr/etc/cs2_pkcs11.ini and then running the modutil 
> command again over  a blank database and try and add the module again.   
> If you get the error CKR_FUNCTION_FAILED - its the same issue. 
> 
> Strangely enough, the config file is found, its just not loaded for some 
> reason.  (Do an 'strace' and look at the "access" calls).
> 
> Mike
> 
> On 4/15/2010 8:49 PM, Arshad Noor wrote:
>> Hi,
>>
>> I've updated DogTag to the current modules available (FC11 x86_64):
>>
>>     dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
>>     dogtag-pki-common-ui-1.3.1-1.fc11.noarch
>>     dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>>
>>     pki-ca-1.3.3-1.fc11.noarch
>>     pki-common-1.3.3-1.fc11.noarch
>>     pki-console-1.3.1-1.fc11.noarch
>>     pki-java-tools-1.3.1-1.fc11.noarch
>>     pki-native-tools-1.3.0-5.fc11.x86_64
>>     pki-selinux-1.3.4-1.fc11.noarch
>>     pki-setup-1.3.4-1.fc11.noarch
>>     pki-silent-1.3.2-1.fc11.noarch
>>     pki-symkey-1.3.2-3.fc11.x86_64
>>     pki-util-1.3.0-5.fc11.noarch
>>
>>
>> I've installed and successfully tested a Utimaco CryptoServer HSM
>> on the operating system, including adding it to secmod.db (in the
>> /var/lib/subca01/alias directory), generating a RSA key-pair,
>> issuing a self-signed and listing the objects using certutil (the
>> attached hsm-config.txt file shows sample output).
>>
>> I've modified CS.cfg in /etc/subca01 to include this token (as the
>> attached modules.txt file shows).
>>
>> I've even restarted pki-cad services after adding the HSM to secmod.db,
>> to ensure that the DogTag code reads secmod.db with the CryptoServer
>> configured in it.
>>
>> However, when it comes time to install a Subordinate CA, the KeyStore
>> page claims that the Utimaco HSM is not found (see keystore-page.png)
>> even though it is correctly listed on the page under "Supported
>> Security Modules".
>>
>> What am I missing?
>>
>> How do I get DogTag to use the HSM to generate the key-pair?
>>
>> Thanks.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>   
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list