[Pki-users] Utimaco HSM "Not Found" problem
Arshad Noor
arshad.noor at strongauth.com
Fri Apr 16 01:49:46 UTC 2010
So, how did you resolve this, Mike? Or, is it still unresolved?
Thanks.
Arshad Noor
StrongAuth, Inc.
Michael StJohns wrote:
> Sorry - after I sent my earlier email I realized you probably
> encountered the same problem I did.
>
> I need to report the bug to Utimaco/Sophos, but the driver on the 2.01
> disk for Linux appears to have problems finding the configuration file
> in the standard locations. I'm not sure exactly what the problem is.
> You can duplicate this by clearing the CS2_PKCS11_INI environment
> variable, placing the cs2_pkcs11.ini file in one of the standard
> locations - e.g. /usr/etc/cs2_pkcs11.ini and then running the modutil
> command again over a blank database and try and add the module again.
> If you get the error CKR_FUNCTION_FAILED - its the same issue.
>
> Strangely enough, the config file is found, its just not loaded for some
> reason. (Do an 'strace' and look at the "access" calls).
>
> Mike
>
> On 4/15/2010 8:49 PM, Arshad Noor wrote:
>> Hi,
>>
>> I've updated DogTag to the current modules available (FC11 x86_64):
>>
>> dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
>> dogtag-pki-common-ui-1.3.1-1.fc11.noarch
>> dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>>
>> pki-ca-1.3.3-1.fc11.noarch
>> pki-common-1.3.3-1.fc11.noarch
>> pki-console-1.3.1-1.fc11.noarch
>> pki-java-tools-1.3.1-1.fc11.noarch
>> pki-native-tools-1.3.0-5.fc11.x86_64
>> pki-selinux-1.3.4-1.fc11.noarch
>> pki-setup-1.3.4-1.fc11.noarch
>> pki-silent-1.3.2-1.fc11.noarch
>> pki-symkey-1.3.2-3.fc11.x86_64
>> pki-util-1.3.0-5.fc11.noarch
>>
>>
>> I've installed and successfully tested a Utimaco CryptoServer HSM
>> on the operating system, including adding it to secmod.db (in the
>> /var/lib/subca01/alias directory), generating a RSA key-pair,
>> issuing a self-signed and listing the objects using certutil (the
>> attached hsm-config.txt file shows sample output).
>>
>> I've modified CS.cfg in /etc/subca01 to include this token (as the
>> attached modules.txt file shows).
>>
>> I've even restarted pki-cad services after adding the HSM to secmod.db,
>> to ensure that the DogTag code reads secmod.db with the CryptoServer
>> configured in it.
>>
>> However, when it comes time to install a Subordinate CA, the KeyStore
>> page claims that the Utimaco HSM is not found (see keystore-page.png)
>> even though it is correctly listed on the page under "Supported
>> Security Modules".
>>
>> What am I missing?
>>
>> How do I get DogTag to use the HSM to generate the key-pair?
>>
>> Thanks.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list