I have not worked on a Luna PCI HSM, but did you try the following to
see if it provides you with any clue on the status of the token?
modutil -dbdir /var/lib/igi-ca/alias -list lunapci
And another suggestion is to add the token/password in the password.conf
file before you start the configuration.
Christina
On 05/24/2012 05:34 AM, Riccardo Brunetti wrote:
Dear pki-users.
We are setting up a CA subsystem using Dogtag 1.3 on CentOS-5.8 and an
HSM Luna PCI3000 (SafeNet).
The HSM card seems to be correctly installed in the system and, using
the command line utilities, we could create a partition on the HSM to
store the crypto data.
Unfortunately, when I run pkicreate and then the configuration wizard
in order to configure the CA subsystem, the HSM module seems not to
be detected and the system still uses the software "NSS Internal PKCS
#11 Module".
I also tried to manually load the PKCS#11 module using the command:
# modutil -dbdir /var/lib/igi-ca/alias -nocertdb -add lunapci -libfile /usr/lunapci/lib/libCryptoki2_64.so
and the output of the list command is the following:
# modutil -dbdir /var/lib/igi-ca/alias -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. lunapci
library name: /usr/lunapci/lib/libCryptoki2_64.so
slots: 1 slot attached
status: loaded
slot: Viper PCI Card
token: turintest
-----------------------------------------------------------
Moreover this is the output of TokenInfo command:
# TokenInfo /var/lib/igi-ca/alias/
Database Path: /var/lib/igi-ca/alias/
Found external module 'NSS Internal PKCS #11 Module'
Found external module 'lunapci'
Found external token 'turintest'
Despite all of that, when the configuration wizard comes to the "Key
Store" page the module is not listed.
I then tried to include it manually in the CS.cfg file:
preop.configModules.module0.commonName=lunapci
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module0.userFriendlyName=lunapci
and in this case it is listed, but with status "Not Found".
How can I solve this issue? Do you have some suggestions?
Thank you very much
R. Brunetti
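
Added example (not part of the original thread, and not Dogtag or SafeNet code): a shell check that parses the modutil listing quoted above and reports, for each preop.configModules commonName in CS.cfg, whether the NSS database holds a loaded module of that name and which tokens it exposes. That the wizard looks the module up by this name is an assumption; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. The two sample_* functions reproduce text quoted in the post;
# on a live host use `modutil -dbdir <alias dir> -list` and the real CS.cfg.
sample_listing() { cat <<'EOF'
Listing of PKCS #11 Modules
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. lunapci
library name: /usr/lunapci/lib/libCryptoki2_64.so
slots: 1 slot attached
status: loaded
slot: Viper PCI Card
token: turintest
EOF
}
sample_cfg() { cat <<'EOF'
preop.configModules.module0.commonName=lunapci
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module0.userFriendlyName=lunapci
EOF
}

# Turn a modutil listing (stdin) into "module|status|token" records.
parse_modules() {
  awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # live output is indented
    /^[0-9]+\. / { mod = $0; sub(/^[0-9]+\. /, "", mod); status = "unknown"; next }
    /^status: /  { status = substr($0, 9); next }
    /^token: /   { print mod "|" status "|" substr($0, 8) }'
}

# For every preop.configModules.*.commonName on stdin, report whether the
# records passed as $1 hold a loaded module of that name, and its tokens.
check_cfg() {
  sed -n 's/^preop\.configModules\.module[0-9]*\.commonName=//p' |
  while IFS= read -r name; do
    tokens=$(printf '%s\n' "$1" | awk -F'|' -v m="$name" \
      '$1 == m && $2 == "loaded" { printf "%s%s", sep, $3; sep = "," }')
    if [ -n "$tokens" ]; then echo "$name: loaded, tokens=$tokens"
    else echo "$name: no loaded module of this name exposes a token"; fi
  done
}

sample_cfg | check_cfg "$(sample_listing | parse_modules)"
```

A name that is loaded in the NSS database but still shows as not found in the wizard points away from module registration and toward token login, which is where the password.conf suggestion above applies.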