4:50 p.m.
Arshad,
I'm curious. The unsupported modules are supposed to be picked up by
the configuration module. That means, you don't need to add those
configModules in the CS.cfg.
Can you try doing that?
If that works, I'd be interested in knowing if the token name with space
contributed to any part of the issue too.
Chistina
Arshad Noor wrote:
Hi Christina,
Good to hear from you again.
I changed the token name and removed the space, but nothing changed,
unfortunately:
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. CryptoServer
library name: /usr/bin/libcs2_pkcs11.so
slots: 1 slot attached
status: loaded
slot: CryptoServer Device '/dev/cs2' - Slot No: 0
token: CBUAETEST
-----------------------------------------------------------
The debug file for the new CA instance shows:
-------------------------------------------
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: display()
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got
module NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: supported
modules count= 4
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: module
found: NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
nick name=NSS Generic Crypto Services
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?false
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token NSS
Generic Crypto Services not to be added
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
nick name=Internal Key Storage Token
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token
logged in?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: token is
present?true
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module NSS Internal PKCS #11 Module
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module nfast
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module lunasa
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: got from
config module: CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel: adding
module CryptoServer
[22/Apr/2010:13:59:43][http-11004-Processor21]: ModulePanel subpanelno =9
-------------------------------------------
The CS.cfg for this instance has the following:
-------------------------------------------
preop.configModules.count=4
...
preop.configModules.module3.commonName=CryptoServer
preop.configModules.module3.imagePath=../img/clearpixel.gif
preop.configModules.module3.userFriendlyName=Utimacos's CryptoServer
Hardware Security Module
preop.module.token=CBUAETEST
-------------------------------------------
Arshad Noor
StrongAuth, Inc.
Christina Fu wrote:
> Hi Arshad,
>
> Just a thought. Did you try removing the space for your token name?
>
> Christina
>
> Arshad Noor wrote:
>> Can someone from the DogTag team explain the process by which
>> the installation servlet "finds" PKCS11 modules/HSMs and logs
>> into them? Alternatively, if you can point me to the specific
>> source module that performs this, I'd be happy to look at it
>> myself.
>>
>> I'm still baffled by our inability to have the installation
>> servlet find the Utimaco HSM module, despite the fact that
>> modutil sees it:
>>
>> $ pet105:~> modutil -dbdir /var/lib/subca01/alias -nocertdb -list
>>
>> Listing of PKCS #11 Modules
>> -----------------------------------------------------------
>> 1. NSS Internal PKCS #11 Module
>> slots: 2 slots attached
>> status: loaded
>>
>> slot: NSS Internal Cryptographic Services
>> token: NSS Generic Crypto Services
>>
>> slot: NSS User Private Key and Certificate Services
>> token: NSS Certificate DB
>>
>> 2. CryptoServer
>> library name: /usr/bin/libcs2_pkcs11.so
>> slots: 1 slot attached
>> status: loaded
>>
>> slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>> token: CBUAE TEST
>> -----------------------------------------------------------
>>
>>
>> There were some SELinux errors, but I fixed all of them; despite
>> all calls now being successful, the installation servlet will
>> still not see the HSM.
>>
>> Thanks.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>