[06/Aug/2013:14:33:54][http-9445-1]: BaseServlet:service() uri = /ca/admin/console/config/login

[06/Aug/2013:14:33:54][http-9445-1]: BaseServlet::service() param name='pin' value='(sensitive)'

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Welcome

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Key Store

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=ConfigHSMLogin

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Security Domain

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Display Certificate Chain

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Subsystem Type

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Display Certificate Chain

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import Keys and Certificates

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=PKI Hierarchy

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Internal Database

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Key Pairs

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Subject Names

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Requests and Certificates

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Export Keys and Certificates

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Save Keys and Certificates

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import CA's Certificate Chain

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Administrator

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import Administrator's Certificate

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Done

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: done

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: process

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet:service() uri = /ca/admin/console/config/wizard

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: op=display

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: size=19

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: in display

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: firstpanel

[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel=com.netscape.cms.servlet.csadmin.WelcomePanel@1f2af1c

CS.cfg changes

--------------------------

Br,

Kishore

> Date: Mon, 5 Aug 2013 13:18:43 -0400
> From: jmagne@redhat.com
> To: jayakishore.thunga@hotmail.com
> CC: pki-users@redhat.com
> Subject: Re: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
>
> You should get to a screen on the wizard that asks you to choose a module?
>
> You are not seeing this?
>
> TAke a look at the end of the log file /var/lib/pki-ca/logs/debug and see if anything sticks out with respect to your token.
>
>
> Also, you might want to run through a test installation with the internal module just to see if you can get a regular CA running ok.
>
> thanks,
> jack
>
>
> ----- Original Message -----
> From: "Jayakishore Thunga" <jayakishore.thunga@hotmail.com>
> To: pki-users@redhat.com
> Sent: Monday, August 5, 2013 2:01:06 AM
> Subject: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
>
> Hi ,
>
> I am configuring external HSM called SoftHSM to certificate system. Here is my configuration
> DogTag 9.0
> Fedora 15
>
> After pkicreate, i created softhsm entry into the db. Here are the details
>
> [root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
> 1. NSS Internal PKCS #11 Module
> slots: 2 slots attached
> status: loaded
>
> slot: NSS Internal Cryptographic Services
> token: NSS Generic Crypto Services
>
> slot: NSS User Private Key and Certificate Services
> token: NSS Certificate DB
>
> 2. SOFTHSM PKCS #11 Module
> library name: /usr/lib/softhsm/libsofthsm.so
> slots: 1 slot attached
> status: loaded
>
> slot: SoftHSM
> token: softhsm
> -----------------------------------------------------------
>
>
> [root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module"
> -----------------------------------------------------------
> Name: SOFTHSM PKCS #11 Module
> Library file: /usr/lib/softhsm/libsofthsm.so
> Manufacturer: SoftHSM
> Description: Implementation of PKCS11
> PKCS #11 Version 2.20
> Library Version: 1.3
> Cipher Enable Flags: None
> Default Mechanism Flags: RSA
>
> Slot: SoftHSM
> Slot Mechanism Flags: RSA
> Manufacturer: SoftHSM
> Type: Software
> Version Number: 1.3
> Firmware Version: 1.3
> Status: Enabled
> Token Name: softhsm
> Token Manufacturer: SoftHSM
> Token Model: SoftHSM
> Token Serial Number: 1
> Token Version: 1.3
> Token Firmware Version: 1.3
> Access: NOT Write Protected
> Login Type: Login required
> User Pin: Initialized
>
> /var/lib/pki-ca/conf/password.conf
> added this line
> hardware-softhsm=12345
> &
> Modified /var/lib/pki-ca/conf/ serverCertNick.conf
> softhsm:Server-Cert cert-pki-ca
>
> After this, configuration link doesn't open https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mgjpN14xJzgNR97RW7dt
> If password.conf & serverCertNick.conf are unmodified then, configuration link opens and SoftHSM module is listed as Found, but doesn't allow to set it as default for the CA system.
>
> Please help in setting up external HSM to be configured with certificate system.
>
> Thanks,
>
> Br,
> Kishore
> 8105176926
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users