<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Any chance you're trying to use the same Slot for multiple CAs? The
module listing only shows a single slot. It's possible/probable that
won't work. Try initializing a second slot on the UT and try again.<br>
<br>
Mike<br>
<br>
<br>
On 4/15/2010 8:49 PM, Arshad Noor wrote:
<blockquote cite="mid:4BC7B428.7060808@strongauth.com" type="cite">Hi,
<br>
<br>
I've updated DogTag to the current modules available (FC11 x86_64):
<br>
<br>
dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
<br>
dogtag-pki-common-ui-1.3.1-1.fc11.noarch
<br>
dogtag-pki-console-ui-1.3.1-1.fc11.noarch
<br>
<br>
pki-ca-1.3.3-1.fc11.noarch
<br>
pki-common-1.3.3-1.fc11.noarch
<br>
pki-console-1.3.1-1.fc11.noarch
<br>
pki-java-tools-1.3.1-1.fc11.noarch
<br>
pki-native-tools-1.3.0-5.fc11.x86_64
<br>
pki-selinux-1.3.4-1.fc11.noarch
<br>
pki-setup-1.3.4-1.fc11.noarch
<br>
pki-silent-1.3.2-1.fc11.noarch
<br>
pki-symkey-1.3.2-3.fc11.x86_64
<br>
pki-util-1.3.0-5.fc11.noarch
<br>
<br>
<br>
I've installed and successfully tested a Utimaco CryptoServer HSM
<br>
on the operating system, including adding it to secmod.db (in the
<br>
/var/lib/subca01/alias directory), generating an RSA key-pair,
<br>
issuing a self-signed and listing the objects using certutil (the
<br>
attached hsm-config.txt file shows sample output).
<br>
<br>
I've modified CS.cfg in /etc/subca01 to include this token (as the
<br>
attached modules.txt file shows).
<br>
<br>
I've even restarted pki-cad services after adding the HSM to secmod.db,
<br>
to ensure that the DogTag code reads secmod.db with the CryptoServer
<br>
configured in it.
<br>
<br>
However, when it comes time to install a Subordinate CA, the KeyStore
<br>
page claims that the Utimaco HSM is not found (see keystore-page.png)
<br>
even though it is correctly listed on the page under "Supported
<br>
Security Modules".
<br>
<br>
What am I missing?
<br>
<br>
How do I get DogTag to use the HSM to generate the key-pair?
<br>
<br>
Thanks.
<br>
<br>
Arshad Noor
<br>
StrongAuth, Inc.
<br>
</blockquote>
<br>
</body>
</html>