[Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag

John Magne jmagne at redhat.com
Mon Aug 5 17:18:43 UTC 2013


You should get to a screen on the wizard that asks you to choose a module?

You are not seeing this?

Take a look at the end of the log file /var/lib/pki-ca/logs/debug and see if anything sticks out with respect to your token.


Also, you might want to run through a test installation with the internal module just to see if you can get a regular CA running ok.

thanks,
jack


----- Original Message -----
From: "Jayakishore Thunga" <jayakishore.thunga at hotmail.com>
To: pki-users at redhat.com
Sent: Monday, August 5, 2013 2:01:06 AM
Subject: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag

Hi,

I am configuring an external HSM called SoftHSM with the certificate system. Here is my configuration:
DogTag 9.0 
Fedora 15 

After pkicreate, I created a softhsm entry in the db. Here are the details:

[root at fed15vmnew alias]# modutil -dbdir . -nocertdb -list 
Listing of PKCS #11 Modules 
----------------------------------------------------------- 
1. NSS Internal PKCS #11 Module 
slots: 2 slots attached 
status: loaded 

slot: NSS Internal Cryptographic Services 
token: NSS Generic Crypto Services 

slot: NSS User Private Key and Certificate Services 
token: NSS Certificate DB 

2. SOFTHSM PKCS #11 Module 
library name: /usr/lib/softhsm/libsofthsm.so 
slots: 1 slot attached 
status: loaded 

slot: SoftHSM 
token: softhsm 
----------------------------------------------------------- 


[root at fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module" 
----------------------------------------------------------- 
Name: SOFTHSM PKCS #11 Module 
Library file: /usr/lib/softhsm/libsofthsm.so 
Manufacturer: SoftHSM 
Description: Implementation of PKCS11 
PKCS #11 Version 2.20 
Library Version: 1.3 
Cipher Enable Flags: None 
Default Mechanism Flags: RSA 

Slot: SoftHSM 
Slot Mechanism Flags: RSA 
Manufacturer: SoftHSM 
Type: Software 
Version Number: 1.3 
Firmware Version: 1.3 
Status: Enabled 
Token Name: softhsm 
Token Manufacturer: SoftHSM 
Token Model: SoftHSM 
Token Serial Number: 1 
Token Version: 1.3 
Token Firmware Version: 1.3 
Access: NOT Write Protected 
Login Type: Login required 
User Pin: Initialized 

/var/lib/pki-ca/conf/password.conf 
added this line 
hardware-softhsm=12345 
& 
Modified /var/lib/pki-ca/conf/serverCertNick.conf
softhsm:Server-Cert cert-pki-ca 

After this, the configuration link doesn't open: https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mgjpN14xJzgNR97RW7dt
If password.conf & serverCertNick.conf are unmodified, then the configuration link opens and the SoftHSM module is listed as Found, but it doesn't allow setting it as default for the CA system.

Please help in setting up an external HSM to be configured with the certificate system.

Thanks, 

Br, 
Kishore 
8105176926 
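
A consistency check over the three pieces of configuration shown in the message above, as an added example that is not part of the original thread and is not Dogtag code. It assumes the `hardware-<token>=<PIN>` and `<token>:<nickname>` conventions seen in the message; the function names are hypothetical and the sample inputs are copied (abridged) from the message.

```python
import re

# Sample inputs copied from the message above (modutil listing abridged).
MODUTIL_LIST = """\
1. NSS Internal PKCS #11 Module
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB

2. SOFTHSM PKCS #11 Module
library name: /usr/lib/softhsm/libsofthsm.so
slot: SoftHSM
token: softhsm
"""
PASSWORD_CONF = "hardware-softhsm=12345\n"   # the PIN is stored here in clear text
SERVER_CERT_NICK = "softhsm:Server-Cert cert-pki-ca\n"


def tokens_by_module(listing):
    """Map each module name in `modutil -list` output to its token names."""
    modules, current = {}, None
    for line in listing.splitlines():
        line = line.strip()
        m = re.match(r"\d+\.\s+(.+)", line)      # "2. SOFTHSM PKCS #11 Module"
        if m:
            current = m.group(1)
            modules[current] = []
        elif line.startswith("token:") and current:
            modules[current].append(line.split(":", 1)[1].strip())
    return modules


def check_token_config(listing, password_conf, nick_conf):
    """Return a list of inconsistencies between the three inputs (empty if none)."""
    token, sep, _nick = nick_conf.strip().partition(":")
    if not sep:
        return ["nickname has no token prefix"]
    problems = []
    # Token names are compared exactly: "SoftHSM" (slot) is not "softhsm" (token).
    known = {t for toks in tokens_by_module(listing).values() for t in toks}
    if token not in known:
        problems.append(f"token {token!r} is not in any loaded module: {sorted(known)}")
    tags = {ln.split("=", 1)[0].strip() for ln in password_conf.splitlines() if "=" in ln}
    if f"hardware-{token}" not in tags:
        problems.append(f"password.conf has no 'hardware-{token}' entry")
    return problems
```

For the values in the message the check returns an empty list, so the token name is spelled the same way in all three places.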

