I did and only difference is:
Op.enroll.sokey.keyGen.encryption.serverKeygen.enable=value
For "userkey" value is "true"
For "sokey" value is "[SERVER_KEYGEN]" , which translates to
"false".
It invokes Private key to be generated on the token instead of on the
server. (Can't tell why)
But that is where it fails. I played with it and changed it to match
the "userkey" ie, changed it to "true"
and tried it. It said successful, however, the key did not work as
Security Officer Mode. It simply completed
as userkey again.
From: Julius Adewumi
@GDC4S.com
Ph:480-441-6768
Contract Corp:MTSI
-----Original Message-----
From: John Magne [mailto:jmagne@redhat.com]
Sent: Monday, July 13, 2009 1:55 PM
To: Adewumi, Julius-p99373
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] Error 7 in SOkey enrollment
Oh: OK, thanks.
So it's probably not an token or applet issue. In this case you might
want to inspect your TPS's CS.cfg. Compare the entries for "userKey"
which is the regular user with the ones for "soKey" and look for
differences.
----- Original Message -----
From: "Julius-p99373 Adewumi" <Julius.Adewumi(a)gdc4s.com>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Monday, July 13, 2009 1:40:47 PM GMT -08:00 US/Canada Pacific
Subject: RE: [Pki-users] Error 7 in SOkey enrollment
They are Gemalto smartcards. I can enroll users successfully, but to
enroll security officer (SO) who is capable of managing user-tokens is
the problem.
From: Julius Adewumi
-----Original Message-----
From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com]
On Behalf Of John Magne
Sent: Monday, July 13, 2009 12:53 PM
To: Adewumi, Julius-p99373
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] Error 7 in SOkey enrollment
Just curious, what type of token are you trying?
----- Original Message -----
From: "Julius-p99373 Adewumi" <Julius.Adewumi(a)gdc4s.com>
To: pki-users(a)redhat.com
Sent: Monday, July 13, 2009 10:15:46 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-users] Error 7 in SOkey enrollment
Error 7 in SOkey enrollment
Has anyone familiarity with the following VFY_CreateContext() failure or
the verifyProof failure who can shed some light on what is going on,
config or software release version --suspect is certEnroll()?
Here is a section of the log:
-------------------------------------------
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
Successfully read public key buffer
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
public_key = (length='271')
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 00 8b
00 01 04 00 00 80 8d aa
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - cc 88
8d f5 b5 ae 93 72 9c ec
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 60 c7
3c a8 65 f8 09 62 65 b7
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 95 8a
fe 5e 75 7e 00 2c ad 06
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 15 c3
ad 3f 96 39 c9 78 d8 73
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 07 92
3e 39 d9 3e 88 63 3b 18
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - de 76
6d 33 ec 49 53 25 ce 9c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 5b 55
70 fe 4b 60 a0 f9 8a 75
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 29 9e
90 ac 87 9e fc 2b 1a 55
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - c9 04
00 21 ea 5c e1 f0 2f 0d
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 72 49
38 47 96 51 3d f2 ab 06
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 6e 9f
e8 93 e6 22 9b dc ab 3a
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - eb 80
d1 8d 5b 68 b1 6f 66 1b
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 3a 3d
5d 75 e9 87 00 03 01 00
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 01 00
80 5f a0 76 96 30 ff 55
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - db d5
4e b5 ed 4e 82 c9 8c d9
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - a7 56
0b bd fd e7 b2 34 c9 50
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - fa 2a
19 88 99 89 a6 80 39 5c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - ed 89
a8 c8 17 52 b7 04 eb 25
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 91 b9
35 bd d9 e8 6e 5c 0b 7c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 0a 80
bd 3f fc f4 20 a8 b6 61
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 49 0b
9f 0e c6 8b a5 8c 60 e7
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - d2 46
91 86 93 2f 6c 9d 56 62
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 30 33
79 84 ba 4d b5 60 14 87
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 03 8d
cd 17 85 a0 bc 02 21 ff
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 5c fe
71 cf fd f2 2b 7f 68 bb
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 1e 38
26 33 96 ff e2 48 66 ef
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 57
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
challenge size=16
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - challenge =
(length='16')
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - c9 1f 72 35
21 17 90 5a ed ce
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - dd a5 c6 9d
ad 51
[2009-07-01 16:35:52] b5b5710 AP_Session::WriteMsg - Sent
's=69&msg_type=14¤t_state=73&next_task_name=PROGRESS_PARSE_PUBLIC_
KEY'
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - About
to Parse Public Key
[2009-07-01 16:35:52] b5b5710 CertEnroll::verifyProof -
VFY_CreateContext() failed
[2009-07-01 16:35:52] b5b5710 CertEnroll::ParsePublicKeyBlob - verify
proof failed
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - Failed
to parse public key
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::GenerateCertificate -
Got a status error from DoEnrollment: 7
[2009-07-01 16:35:53] b5b5710 AP_Session::WriteMsg - Sent
's=42&msg_type=13&operation=1&result=1&message=7'
----------------------------------------
The config seems to show that Private Key is to be generated on the
Token for SO mode (Security Officer Mode enrollment). It is during this
Private Key generation that this failure occurs each time. Any input
will help. The lkast line of the log is where Error 7 was spawned.
From: Julius Adewumi
@GDC4S.com
Ph:480-441-6768
Contract Corp:MTSI
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users