Re: [Pki-users] Utimaco HSM "Not Found" problem
This is the only CA using the HSM. The TEST Root was setup
using the Internal token.
Arshad Noor
StrongAuth, Inc.
Michael StJohns wrote:
Any chance you're trying to use the same Slot for multiple CAs?
The
module listing only shows a single slot. It's possible/probable that
won't work. Try initializing a second slot on the UT and try again.
Mike
On 4/15/2010 8:49 PM, Arshad Noor wrote:
> Hi,
>
> I've updated DogTag to the current modules available (FC11 x86_64):
>
> dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
> dogtag-pki-common-ui-1.3.1-1.fc11.noarch
> dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>
> pki-ca-1.3.3-1.fc11.noarch
> pki-common-1.3.3-1.fc11.noarch
> pki-console-1.3.1-1.fc11.noarch
> pki-java-tools-1.3.1-1.fc11.noarch
> pki-native-tools-1.3.0-5.fc11.x86_64
> pki-selinux-1.3.4-1.fc11.noarch
> pki-setup-1.3.4-1.fc11.noarch
> pki-silent-1.3.2-1.fc11.noarch
> pki-symkey-1.3.2-3.fc11.x86_64
> pki-util-1.3.0-5.fc11.noarch
>
>
> I've installed and successfully tested a Utimaco CryptoServer HSM
> on the operating system, including adding it to secmod.db (in the
> /var/lib/subca01/alias directory), generating a RSA key-pair,
> issuing a self-signed and listing the objects using certutil (the
> attached hsm-config.txt file shows sample output).
>
> I've modified CS.cfg in /etc/subca01 to include this token (as the
> attached modules.txt file shows).
>
> I've even restarted pki-cad services after adding the HSM to secmod.db,
> to ensure that the DogTag code reads secmod.db with the CryptoServer
> configured in it.
>
> However, when it comes time to install a Subordinate CA, the KeyStore
> page claims that the Utimaco HSM is not found (see keystore-page.png)
> even though it is correctly listed on the page under "Supported
> Security Modules".
>
> What am I missing?
>
> How do I get DogTag to use the HSM to generate the key-pair?
>
> Thanks.
>
> Arshad Noor
> StrongAuth, Inc.
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users