Interesting.
I added the Utimaco to the list of supported modules (CS.cfg -
preop.configModules). This time it showed up in the list in the
supported section along with the "Login" tag.
I clicked "Login" and manually logged in, selected the module as the
default, and completed the enrollment. I then went back to the HSM and
using the Utimaco-provided tool confirmed all the keys etc. are present.
zcoolkey showed up in the unsupported list.
So try:
Add utimaco to the pkicreate script in /usr/bin
Add utimaco to the supported list in the default CS.cfg
/usr/share/pki/ca/conf
Mike
On 4/27/2010 9:51 PM, Michael StJohns wrote:
OK -
Using my recompiled/relinked version of the Utimaco library on Fedora
12 - 32 bit.
I can consistently get the Utimaco library to show up in the list with
the three slots I've initialized. BUT - none of those show up with
the "Login" button.
The reason I couldn't get it to work before was because of the coolkey
library... if that library is loaded (name "coolkey"), modutil and
TokenInfo both see it, but only the coolkey library gets listed on the
setup page.
I deleted the coolkey library, restarted the server and the Utimaco
slots showed up.
I re-added the coolkey library with the name "zcoolkey", restarted the
server - only the Utimaco slots showed up.
- At this point I got suspicious and tried one more thing.
I deleted the Utimaco library with the name "utimaco", restarted the
server. The zcoolkey library showed up.
Hmm..... looks like for some reason, only the first module
(alphabetically) is being listed/loaded.
Mike
On 4/27/2010 8:51 PM, Arshad Noor wrote:
> Was this on a 32-bit or 64-bit environment, Mike? I was planning to
> test this with the 32-bit version of Fedora 11, based on your assertion
> that it worked. But, now it appears that this might be unpredictable.
> Is that right?
>
> Arshad Noor
> StrongAuth, Inc.
>
> Michael StJohns wrote:
>> On 4/26/2010 10:46 PM, Christina Fu wrote:
>>> Actually, I did spend some time looking into JSS code. The result
>>> was inconclusive. The code appeared to be reasonable. I do
>>> suspect, however, without looking closely at the code, that somehow
>>> the module is unloaded somewhere along the way.
>>> I'm curious whether this is an issue on this particular HSM, or if
>>> it's a matter of handling external modules (including software
>>> modules) in general.
>>> Has anyone had any success installing/using certicom module on this
>>> platform, for example?
>>>
>>> Again, I did not see any email from another member (StJohns?) that
>>> you mentioned claiming success with Utimaco HSM on a 32 bit
>>> machine... could you please forward the email?
>>> Another thing is, I'm not familiar with Utimaco HSM, but you might
>>> want to find out how to turn on debugger.
>>>
>>> Otherwise, try turning on NSS debugging, which might give you some
>>> clue.
>>>
>>> Christina
>>>
>>
>> Hi Christina -
>>
>> I had to put work on this aside for a few days, but am getting back
>> to it. I've had uneven results. The time that I got the HSM to
>> show up with the slots, but I didn't get the "Login" button. This
>> time, I didn't even get the HSM to show up. The first time, I added
>> the HSM manually, the second via a mod to the create script. Still
>> working my way through it.
>>
>> I modified pki_create_instance to add both the Utimaco library and
>> the Coolkey PKCS11 library. I had to turn off SELinux enforcement
>> to get Coolkey to show up on the list, but even then, the Utimaco
>> lib didn't. I haven't had a chance to go back and check again.
>>
>> Mike
>>