Hi Christina,
Good to hear from you again.
I changed the token name and removed the space, but nothing changed,
unfortunately:
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. CryptoServer
library name: /usr/bin/libcs2_pkcs11.so
slots: 1 slot attached
status: loaded
slot: CryptoServer Device '/dev/cs2' - Slot No: 0
token: CBUAETEST
-----------------------------------------------------------
The debug file for the new CA instance shows:
-------------------------------------------
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: display()
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got module
NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: supported
modules count= 4
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: module
found: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token nick
name=NSS Generic Crypto Services
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?false
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token NSS
Generic Crypto Services not to be added
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token nick
name=Internal Key Storage Token
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel subpanelno =9
-------------------------------------------
The CS.cfg for this instance has the following:
-------------------------------------------
preop.configModules.count=4
...
preop.configModules.module3.commonName=CryptoServer
preop.configModules.module3.imagePath=../img/clearpixel.gif
preop.configModules.module3.userFriendlyName=Utimacos's CryptoServer
Hardware Security Module
preop.module.token=CBUAETEST
-------------------------------------------
Arshad Noor
StrongAuth, Inc.
Christina Fu wrote:
Hi Arshad,
Just a thought. Did you try removing the space for your token name?
Christina
Arshad Noor wrote:
> Can someone from the DogTag team explain the process by which
> the installation servlet "finds" PKCS11 modules/HSMs and logs
> into them? Alternatively, if you can point me to the specific
> source module that performs this, I'd be happy to look at it
> myself.
>
> I'm still baffled by our inability to have the installation
> servlet find the Utimaco HSM module, despite the fact that
> modutil sees it:
>
> $ pet105:~> modutil -dbdir /var/lib/subca01/alias -nocertdb -list
>
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
> 1. NSS Internal PKCS #11 Module
> slots: 2 slots attached
> status: loaded
>
> slot: NSS Internal Cryptographic Services
> token: NSS Generic Crypto Services
>
> slot: NSS User Private Key and Certificate Services
> token: NSS Certificate DB
>
> 2. CryptoServer
> library name: /usr/bin/libcs2_pkcs11.so
> slots: 1 slot attached
> status: loaded
>
> slot: CryptoServer Device '/dev/cs2' - Slot No: 0
> token: CBUAE TEST
> -----------------------------------------------------------
>
>
> There were some SELinux errors, but I fixed all of them; despite
> all calls now being successful, the installation servlet will
> still not see the HSM.
>
> Thanks.
>
> Arshad Noor
> StrongAuth, Inc.
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-users