[Pki-users] Utimaco HSM "Not Found" problem
Arshad Noor
arshad.noor at strongauth.com
Thu Apr 22 21:06:07 UTC 2010
Hi Christina,
Good to hear from you again.
I changed the token name and removed the space, but nothing changed,
unfortunately:
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. CryptoServer
library name: /usr/bin/libcs2_pkcs11.so
slots: 1 slot attached
status: loaded
slot: CryptoServer Device '/dev/cs2' - Slot No: 0
token: CBUAETEST
-----------------------------------------------------------
The debug file for the new CA instance shows:
-------------------------------------------
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: display()
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got module
NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: supported
modules count= 4
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: module
found: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token nick
name=NSS Generic Crypto Services
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?false
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token NSS
Generic Crypto Services not to be added
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token nick
name=Internal Key Storage Token
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel subpanelno =9
-------------------------------------------
The CS.cfg for this instance has the following:
-------------------------------------------
preop.configModules.count=4
...
preop.configModules.module3.commonName=CryptoServer
preop.configModules.module3.imagePath=../img/clearpixel.gif
preop.configModules.module3.userFriendlyName=Utimacos's CryptoServer
Hardware Security Module
preop.module.token=CBUAETEST
-------------------------------------------
Arshad Noor
StrongAuth, Inc.
Christina Fu wrote:
> Hi Arshad,
>
> Just a thought. Did you try removing the space for your token name?
>
> Christina
>
> Arshad Noor wrote:
>> Can someone from the DogTag team explain the process by which
>> the installation servlet "finds" PKCS11 modules/HSMs and logs
>> into them? Alternatively, if you can point me to the specific
>> source module that performs this, I'd be happy to look at it
>> myself.
>>
>> I'm still baffled by our inability to have the installation
>> servlet find the Utimaco HSM module, despite the fact that
>> modutil sees it:
>>
>> $ pet105:~> modutil -dbdir /var/lib/subca01/alias -nocertdb -list
>>
>> Listing of PKCS #11 Modules
>> -----------------------------------------------------------
>> 1. NSS Internal PKCS #11 Module
>> slots: 2 slots attached
>> status: loaded
>>
>> slot: NSS Internal Cryptographic Services
>> token: NSS Generic Crypto Services
>>
>> slot: NSS User Private Key and Certificate Services
>> token: NSS Certificate DB
>>
>> 2. CryptoServer
>> library name: /usr/bin/libcs2_pkcs11.so
>> slots: 1 slot attached
>> status: loaded
>>
>> slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>> token: CBUAE TEST
>> -----------------------------------------------------------
>>
>>
>> There were some SELinux errors, but I fixed all of them; despite
>> all calls now being successful, the installation servlet will
>> still not see the HSM.
>>
>> Thanks.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
More information about the Pki-users
mailing list