Sorry - after I sent my earlier email I realized you probably encountered the same problem I did.

I need to report the bug to Utimaco/Sophos, but the driver on the 2.01 disk for Linux appears to have problems finding the configuration file in the standard locations. I'm not sure exactly what the problem is. You can duplicate this by clearing the CS2_PKCS11_INI environment variable, placing the cs2_pkcs11.ini file in one of the standard locations - e.g. /usr/etc/cs2_pkcs11.ini - and then running the modutil command again over a blank database and trying to add the module again. If you get the error CKR_FUNCTION_FAILED - it's the same issue.

Strangely enough, the config file is found, it's just not loaded for some reason. (Do an 'strace' and look at the "access" calls.)

Mike

On 4/15/2010 8:49 PM, Arshad Noor wrote:
Hi,

I've updated DogTag to the current modules available (FC11 x86_64):

    dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
    dogtag-pki-common-ui-1.3.1-1.fc11.noarch
    dogtag-pki-console-ui-1.3.1-1.fc11.noarch

    pki-ca-1.3.3-1.fc11.noarch
    pki-common-1.3.3-1.fc11.noarch
    pki-console-1.3.1-1.fc11.noarch
    pki-java-tools-1.3.1-1.fc11.noarch
    pki-native-tools-1.3.0-5.fc11.x86_64
    pki-selinux-1.3.4-1.fc11.noarch
    pki-setup-1.3.4-1.fc11.noarch
    pki-silent-1.3.2-1.fc11.noarch
    pki-symkey-1.3.2-3.fc11.x86_64
    pki-util-1.3.0-5.fc11.noarch


I've installed and successfully tested a Utimaco CryptoServer HSM
on the operating system, including adding it to secmod.db (in the
/var/lib/subca01/alias directory), generating a RSA key-pair,
issuing a self-signed and listing the objects using certutil (the
attached hsm-config.txt file shows sample output).

I've modified CS.cfg in /etc/subca01 to include this token (as the
attached modules.txt file shows).

I've even restarted pki-cad services after adding the HSM to secmod.db,
to ensure that the DogTag code reads secmod.db with the CryptoServer
configured in it.

However, when it comes time to install a Subordinate CA, the KeyStore
page claims that the Utimaco HSM is not found (see keystore-page.png)
even though it is correctly listed on the page under "Supported
Security Modules".

What am I missing?

How do I get DogTag to use the HSM to generate the key-pair?

Thanks.

Arshad Noor
StrongAuth, Inc.
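
The strace check suggested in the reply at the top of this thread, as an added example that is not part of the original messages or of any Utimaco or NSS tooling: it reads a saved strace log and classifies each probe of cs2_pkcs11.ini as missing, found but never opened, or opened. The sample trace is constructed, and the /etc path in it is a hypothetical second search location.

```python
import re

# One strace line per syscall, e.g.
#   access("/usr/etc/cs2_pkcs11.ini", R_OK) = 0
#   [pid 4242] openat(AT_FDCWD, "/usr/etc/cs2_pkcs11.ini", O_RDONLY) = 3
CALL = re.compile(
    r'\b(access|faccessat|open|openat)\((?:\w+, )?"([^"]*)"[^)]*\)\s+=\s+(-?\d+)'
)


def classify_config_probes(strace_text, filename="cs2_pkcs11.ini"):
    """Map each probed path ending in `filename` to one of:
    "missing"          - every call on it failed
    "found-not-opened" - access() succeeded but no open() did
    "opened"           - an open()/openat() succeeded
    """
    states = {}
    for line in strace_text.splitlines():
        m = CALL.search(line)
        if not m:
            continue
        call, path, ret = m.group(1), m.group(2), int(m.group(3))
        if path.rsplit("/", 1)[-1] != filename:
            continue
        states.setdefault(path, "missing")
        if ret < 0:
            continue
        if call in ("open", "openat"):
            states[path] = "opened"
        elif states[path] == "missing":
            states[path] = "found-not-opened"
    return states


# Constructed sample trace (not captured from a real system); the /etc path
# is a hypothetical second search location, /usr/etc is the one from the thread.
SAMPLE = """\
access("/etc/cs2_pkcs11.ini", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/etc/cs2_pkcs11.ini", R_OK) = 0
open("/usr/lib64/libnss3.so", O_RDONLY) = 3
"""

if __name__ == "__main__":
    for path, state in classify_config_probes(SAMPLE).items():
        print(f"{state:17} {path}")
```

A "found-not-opened" entry corresponds to the symptom described in the reply: the access() probe succeeds, but the file is never opened afterwards.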