On 24/05/12 21 23:49, Christina Fu wrote:
I have not worked on a Luna PCI HSM, but did you try the following to
see if it provides you with any clue on the status of the token?
modutil -dbdir /var/lib/igi-ca/alias -list lunapci
And another suggestion is to add the token/password in the
password.conf file before you start the configuration.
Christina
On 05/24/2012 05:34 AM, Riccardo Brunetti wrote:
>
> Dear pki-users.
> We are setting up a CA subsystem using dogtag 1.3 on CentOS-5.8 and a
> HSM Luna PCI3000 (SafeNet).
> The HSM card seems to be correctly installed in the system and, using
> the command line utilities, we could create a partition on the HSM to
> store the crypto data.
>
> Unfortunately, when I run pkicreate and then the configuration wizard
> in order to configure the CA subsystem, the HSM module seems not to
> be detected and the system still uses the software "NSS Internal PKCS
> #11 Module".
>
> I also tried to manually load the pkcs#11 module using the command:
>
> # modutil -dbdir /var/lib/igi-ca/alias -nocertdb -add lunapci
> -libfile /usr/lunapci/lib/libCryptoki2_64.so
>
> and the output of the list command is the following:
>
> # modutil -dbdir /var/lib/igi-ca/alias -list
>
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
> 1. NSS Internal PKCS #11 Module
> slots: 2 slots attached
> status: loaded
>
> slot: NSS Internal Cryptographic Services
> token: NSS Generic Crypto Services
>
> slot: NSS User Private Key and Certificate Services
> token: NSS Certificate DB
>
> 2. lunapci
> library name: /usr/lunapci/lib/libCryptoki2_64.so
> slots: 1 slot attached
> status: loaded
>
> slot: Viper PCI Card
> token: turintest
> -----------------------------------------------------------
>
> Moreover this is the output of TokenInfo command:
>
> # TokenInfo /var/lib/igi-ca/alias/
>
> Database Path: /var/lib/igi-ca/alias/
> Found external module 'NSS Internal PKCS #11 Module'
> Found external module 'lunapci'
> Found external token 'turintest'
>
> Despite all of that, when the configuration wizard comes to the "Key
> Store" page the module is not listed.
> I then tried to include it manually in the CS.cfg file:
>
> preop.configModules.module0.commonName=lunapci
> preop.configModules.module0.imagePath=../img/clearpixel.gif
> preop.configModules.module0.userFriendlyName=lunapci
>
> and in this case it is listed but in Status "Not Found"
>
> How can I solve this issue? Do you have some suggestions?
>
> Thank you very much
> R. Brunetti
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
Dear Christina.
Thank you very much for your suggestions. It was actually a problem with
the HSM activating password.
Now dogtag sees the module and uses it.
Thanks a lot once again.
Best Regards
R. Brunetti
--
-------------------
Riccardo Brunetti
INFN - Torino
Tel: +390116707295
Skype: rbrunetti
-------------------