So, how did you resolve this, Mike? Or, is it still unresolved?
Thanks.
Arshad Noor
StrongAuth, Inc.
Michael StJohns wrote:
Sorry - after I sent my earlier email I realized you probably
encountered the same problem I did.
I need to report the bug to Utimaco/Sophos, but the driver on the 2.01
disk for Linux appears to have problems finding the configuration file
in the standard locations. I'm not sure exactly what the problem is.
You can duplicate this by clearing the CS2_PKCS11_INI environment
variable, placing the cs2_pkcs11.ini file in one of the standard
locations - e.g. /usr/etc/cs2_pkcs11.ini and then running the modutil
command again over a blank database and try and add the module again.
If you get the error CKR_FUNCTION_FAILED - its the same issue.
Strangely enough, the config file is found, its just not loaded for some
reason. (Do an 'strace' and look at the "access" calls).
Mike
On 4/15/2010 8:49 PM, Arshad Noor wrote:
> Hi,
>
> I've updated DogTag to the current modules available (FC11 x86_64):
>
> dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
> dogtag-pki-common-ui-1.3.1-1.fc11.noarch
> dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>
> pki-ca-1.3.3-1.fc11.noarch
> pki-common-1.3.3-1.fc11.noarch
> pki-console-1.3.1-1.fc11.noarch
> pki-java-tools-1.3.1-1.fc11.noarch
> pki-native-tools-1.3.0-5.fc11.x86_64
> pki-selinux-1.3.4-1.fc11.noarch
> pki-setup-1.3.4-1.fc11.noarch
> pki-silent-1.3.2-1.fc11.noarch
> pki-symkey-1.3.2-3.fc11.x86_64
> pki-util-1.3.0-5.fc11.noarch
>
>
> I've installed and successfully tested a Utimaco CryptoServer HSM
> on the operating system, including adding it to secmod.db (in the
> /var/lib/subca01/alias directory), generating a RSA key-pair,
> issuing a self-signed and listing the objects using certutil (the
> attached hsm-config.txt file shows sample output).
>
> I've modified CS.cfg in /etc/subca01 to include this token (as the
> attached modules.txt file shows).
>
> I've even restarted pki-cad services after adding the HSM to secmod.db,
> to ensure that the DogTag code reads secmod.db with the CryptoServer
> configured in it.
>
> However, when it comes time to install a Subordinate CA, the KeyStore
> page claims that the Utimaco HSM is not found (see keystore-page.png)
> even though it is correctly listed on the page under "Supported
> Security Modules".
>
> What am I missing?
>
> How do I get DogTag to use the HSM to generate the key-pair?
>
> Thanks.
>
> Arshad Noor
> StrongAuth, Inc.
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-users
>
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users