Re: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag

You should get to a screen on the wizard that asks you to choose a module? You are not seeing this? TAke a look at the end of the log file /var/lib/pki-ca/logs/debug and see if anything sticks out with respect to your token. Also, you might want to run through a test installation with the internal module just to see if you can get a regular CA running ok. thanks, jack ----- Original Message ----- From: "Jayakishore Thunga" <jayakishore.thunga(a)hotmail.com&gt; To: pki-users(a)redhat.com Sent: Monday, August 5, 2013 2:01:06 AM Subject: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag Hi , I am configuring external HSM called SoftHSM to certificate system. Here is my configuration DogTag 9.0 Fedora 15 After pkicreate, i created softhsm entry into the db. Here are the details [root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. SOFTHSM PKCS #11 Module library name: /usr/lib/softhsm/libsofthsm.so slots: 1 slot attached status: loaded slot: SoftHSM token: softhsm ----------------------------------------------------------- [root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module" ----------------------------------------------------------- Name: SOFTHSM PKCS #11 Module Library file: /usr/lib/softhsm/libsofthsm.so Manufacturer: SoftHSM Description: Implementation of PKCS11 PKCS #11 Version 2.20 Library Version: 1.3 Cipher Enable Flags: None Default Mechanism Flags: RSA Slot: SoftHSM Slot Mechanism Flags: RSA Manufacturer: SoftHSM Type: Software Version Number: 1.3 Firmware Version: 1.3 Status: Enabled Token Name: softhsm Token Manufacturer: SoftHSM Token Model: SoftHSM Token Serial Number: 1 Token Version: 1.3 Token Firmware Version: 1.3 Access: NOT Write Protected Login Type: Login required User Pin: Initialized /var/lib/pki-ca/conf/password.conf added this line hardware-softhsm=12345 & Modified /var/lib/pki-ca/conf/ serverCertNick.conf softhsm:Server-Cert cert-pki-ca After this, configuration link doesn't open https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mg... If password.conf & serverCertNick.conf are unmodified then, configuration link opens and SoftHSM module is listed as Found, but doesn't allow to set it as default for the CA system. Please help in setting up external HSM to be configured with certificate system. Thanks, Br, Kishore 8105176926 _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users