Jayak:
Thanks for the info. Will have to take a closer look at this when I can have a moment.
Will try to as soon as possible, lots of stuff going on right this second.
----- Original Message -----
From: "Jayakishore Thunga" <jayakishore.thunga(a)hotmail.com>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Tuesday, August 6, 2013 2:29:15 AM
Subject: RE: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
Hi Jack,
test installation with the internal module is fine.
Please find attached wizard image, doesn't give an option to select token under
"SOFTHSM PKCS#11 MODULE".
Here is debug log
--------------------------------------
[06/Aug/2013:14:33:54][http-9445-1]: BaseServlet:service() uri = /ca/admin/console/config/login
[06/Aug/2013:14:33:54][http-9445-1]: BaseServlet::service() param name='pin' value='(sensitive)'
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Welcome
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Key Store
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=ConfigHSMLogin
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Security Domain
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Display Certificate Chain
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Subsystem Type
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Display Certificate Chain
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import Keys and Certificates
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=PKI Hierarchy
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Internal Database
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Key Pairs
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Subject Names
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Requests and Certificates
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Export Keys and Certificates
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Save Keys and Certificates
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import CA's Certificate Chain
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Administrator
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Import Administrator's Certificate
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel name=Done
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: done
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: process
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet:service() uri = /ca/admin/console/config/wizard
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: op=display
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: size=19
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: in display
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: firstpanel
[06/Aug/2013:14:33:54][http-9445-1]: WizardServlet: panel=com.netscape.cms.servlet.csadmin.WelcomePanel@1f2af1c
[06/Aug/2013:14:33:54][http-9445-1]: WelcomePanel: display()
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet: process
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet:service() uri = /ca/admin/console/config/wizard
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet::service() param name='p' value='0'
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet::service() param name='op' value='next'
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet: op=next
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet: size=19
[06/Aug/2013:14:33:55][http-9445-1]: WizardServlet: in next 0
[06/Aug/2013:14:33:56][http-9445-1]: getNextPanel input p=0
[06/Aug/2013:14:33:56][http-9445-1]: getNextPanel output p=1
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: display()
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: got module NSS Internal PKCS #11 Module
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: got module SOFTHSM PKCS#11 MODULE
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: supported modules count= 2
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: got from config module: NSS Internal PKCS #11 Module
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: module found: NSS Internal PKCS #11 Module
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token nick name=NSS Generic Crypto Services
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token logged in?false
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token is present?true
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token NSS Generic Crypto Services not to be added
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token nick name=Internal Key Storage Token
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token logged in?true
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: token is present?true
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: adding module NSS Internal PKCS #11 Module
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: got from config module: SOFTHSM PKCS#11 MODULE
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: module found: SOFTHSM PKCS#11 MODULE
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: adding module SOFTHSM PKCS#11 MODULE
[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel subpanelno =2
[06/Aug/2013:14:33:56][http-9445-1]: panel no=1
[06/Aug/2013:14:33:56][http-9445-1]: panel name=module
[06/Aug/2013:14:33:56][http-9445-1]: total number of panels=19
CS.cfg changes
--------------------------
preop.configModules.count=2
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module1.commonName=SOFTHSM PKCS#11 MODULE
preop.configModules.module1.imagePath=../img/clearpixel.gif
preop.configModules.module1.userFriendlyName=SOFTHSM PKCS#11 MODULE
preop.module.token=softhsm
modutil -dbdir . -list (in /var/lib/pki-ca/alias)
--------------------------
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. SOFTHSM PKCS#11 MODULE
library name: /usr/lib/softhsm/libsofthsm.so
slots: 1 slot attached
status: loaded
slot: SoftHSM
token: softhsm
Br,
Kishore
8105176926
Date: Mon, 5 Aug 2013 13:18:43 -0400
From: jmagne(a)redhat.com
To: jayakishore.thunga(a)hotmail.com
CC: pki-users(a)redhat.com
Subject: Re: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
You should get to a screen on the wizard that asks you to choose a module?
You are not seeing this?
Take a look at the end of the log file /var/lib/pki-ca/logs/debug and see if anything
sticks out with respect to your token.
Also, you might want to run through a test installation with the internal module just to
see if you can get a regular CA running ok.
thanks,
jack
----- Original Message -----
From: "Jayakishore Thunga" <jayakishore.thunga(a)hotmail.com>
To: pki-users(a)redhat.com
Sent: Monday, August 5, 2013 2:01:06 AM
Subject: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
Hi ,
I am configuring external HSM called SoftHSM to certificate system. Here is my
configuration
DogTag 9.0
Fedora 15
After pkicreate, I created softhsm entry into the db. Here are the details
[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. SOFTHSM PKCS #11 Module
library name: /usr/lib/softhsm/libsofthsm.so
slots: 1 slot attached
status: loaded
slot: SoftHSM
token: softhsm
-----------------------------------------------------------
[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module"
-----------------------------------------------------------
Name: SOFTHSM PKCS #11 Module
Library file: /usr/lib/softhsm/libsofthsm.so
Manufacturer: SoftHSM
Description: Implementation of PKCS11
PKCS #11 Version 2.20
Library Version: 1.3
Cipher Enable Flags: None
Default Mechanism Flags: RSA
Slot: SoftHSM
Slot Mechanism Flags: RSA
Manufacturer: SoftHSM
Type: Software
Version Number: 1.3
Firmware Version: 1.3
Status: Enabled
Token Name: softhsm
Token Manufacturer: SoftHSM
Token Model: SoftHSM
Token Serial Number: 1
Token Version: 1.3
Token Firmware Version: 1.3
Access: NOT Write Protected
Login Type: Login required
User Pin: Initialized
/var/lib/pki-ca/conf/password.conf
added this line
hardware-softhsm=12345
&
Modified /var/lib/pki-ca/conf/serverCertNick.conf
softhsm:Server-Cert cert-pki-ca
After this, configuration link doesn't open
https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mg...
If password.conf & serverCertNick.conf are unmodified then, configuration link opens
and SoftHSM module is listed as Found, but doesn't allow to set it as default for the
CA system.
Please help in setting up external HSM to be configured with certificate system.
Thanks,
Br,
Kishore
8105176926
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
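
An added example, not part of the original thread and not Dogtag code: a small parser for the ModulePanel entries of the debug log quoted above, listing which tokens the wizard enumerated under each module (in the posted log, the SOFTHSM module has no token entries). It assumes token entries belong to the most recent `module found:` entry, which is inferred from the ordering in that log; the function names are hypothetical.

```python
import re

# Constructed sample: ModulePanel messages copied from the debug log in the
# thread, run together the way the mail archive shows them.
_P = "[06/Aug/2013:14:33:56][http-9445-1]: ModulePanel: "
SAMPLE = "".join(_P + m for m in [
    "module found: NSS Internal PKCS #11 Module",
    "token nick name=NSS Generic Crypto Services",
    "token logged in?false",
    "token is present?true",
    "token NSS Generic Crypto Services not to be added",
    "token nick name=Internal Key Storage Token",
    "token logged in?true",
    "token is present?true",
    "adding module NSS Internal PKCS #11 Module",
    "module found: SOFTHSM PKCS#11 MODULE",
    "adding module SOFTHSM PKCS#11 MODULE",
])

# Each entry starts with "[dd/Mon/yyyy:hh:mm:ss][thread]: "; splitting on that
# prefix works whether or not the entries are still on separate lines.
ENTRY = re.compile(r"\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2}\]\[[^\]]+\]:\s*")
TAG = "ModulePanel: "

def tokens_per_module(log_text):
    """Map module name -> list of token records seen under that module."""
    modules, current, token = {}, None, None
    for entry in ENTRY.split(log_text):
        msg = " ".join(entry.split())            # undo mail line wrapping
        if not msg.startswith(TAG):
            continue
        msg = msg[len(TAG):]
        if msg.startswith("module found: "):
            current = modules.setdefault(msg[len("module found: "):], [])
            token = None
        elif current is None:
            continue
        elif msg.startswith("token nick name="):
            token = {"nick": msg.split("=", 1)[1], "logged_in": None,
                     "present": None, "skipped": False}
            current.append(token)
        elif token and msg.startswith("token logged in?"):
            token["logged_in"] = msg.endswith("true")
        elif token and msg.startswith("token is present?"):
            token["present"] = msg.endswith("true")
        elif token and msg.endswith("not to be added"):
            token["skipped"] = True
    return modules

def modules_without_tokens(log_text):
    """Modules the wizard found but logged no token entries for."""
    return [m for m, toks in tokens_per_module(log_text).items() if not toks]
```

Running `modules_without_tokens()` over the contents of `/var/lib/pki-ca/logs/debug` gives a quick list of modules to compare against the `modutil -list` output.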