From ogi at fmi.uni-sofia.bg Wed Aug 20 12:22:06 2008 From: ogi at fmi.uni-sofia.bg (Ognyan Kulev) Date: Wed, 20 Aug 2008 15:22:06 +0300 Subject: [Pki-users] PKI RA doesn't starts and wants password Message-ID: <48AC0C6E.4030800@fmi.uni-sofia.bg> Hi, I've successfully installed and configured PKI CA and PKI OCSP on CentOS 5.2. But trying to run PKI RA gives wants password: Starting pki-ra: Please enter password for "internal" token: I tried the passwords that I use for FDS or PKI CA, or the PIN of PKI RA but nothing works. If I just hit Enter, message indicates success: PKI service(s) are available at https://:12889 But this URL doesn't connect and there is no PKI RA process. The only other clue is the following error in /var/log/pki-ra/error_log [Wed Aug 20 13:48:40 2008] [info] Init: Initializing NSS library [Wed Aug 20 13:48:57 2008] [error] Unable to read from pin store for slot: internal APR err: 0 So what can be the problem and how can be fixed? Regards, Ognyan Kulev From ogi at fmi.uni-sofia.bg Wed Aug 20 14:43:01 2008 From: ogi at fmi.uni-sofia.bg (Ognyan Kulev) Date: Wed, 20 Aug 2008 17:43:01 +0300 Subject: [Pki-users] PKI RA doesn't starts and wants password In-Reply-To: <48AC0C6E.4030800@fmi.uni-sofia.bg> References: <48AC0C6E.4030800@fmi.uni-sofia.bg> Message-ID: <48AC2D75.8060809@fmi.uni-sofia.bg> Ognyan Kulev ??????: > Starting pki-ra: Please enter password for "internal" token: I found that the password that is wanted is in /etc/pki-ra/password.conf. I don't see this in documentation. Please write it there. And is it possible to avoid asking a password for starting the service? Or at least not to report success when just Enter is hit because the service doesn't actually starts. Regards, Ognyan Kulev From ogi at fmi.uni-sofia.bg Wed Aug 20 15:47:37 2008 From: ogi at fmi.uni-sofia.bg (Ognyan Kulev) Date: Wed, 20 Aug 2008 18:47:37 +0300 Subject: [Pki-users] PKI RA cannot find Security Modules Message-ID: <48AC3C99.70200@fmi.uni-sofia.bg> Hi, In PKI RA installation wizard, no supported security modules are found: NSS Internal PKCS #11 Module Not Found nCipher's nFast Token Hardware Module Not Found SafeNet's LunaSA Token Hardware Module Not Found How to fix that? Regards, Ognyan Kulev From jmagne at redhat.com Wed Aug 20 16:54:05 2008 From: jmagne at redhat.com (Jack Magne) Date: Wed, 20 Aug 2008 09:54:05 -0700 Subject: [Pki-users] PKI RA cannot find Security Modules In-Reply-To: <48AC3C99.70200@fmi.uni-sofia.bg> References: <48AC3C99.70200@fmi.uni-sofia.bg> Message-ID: <48AC4C2D.3020706@redhat.com> Ognyan: We have a bug for this that we are working on. As a quick workaround, you might try downgrading the package that contains "modutil" to an earlier version. This would be "nss-tools". Ognyan Kulev wrote: > Hi, > > In PKI RA installation wizard, no supported security modules are found: > > NSS Internal PKCS #11 Module Not Found > nCipher's nFast Token Hardware Module Not Found > SafeNet's LunaSA Token Hardware Module Not Found > > How to fix that? > > Regards, > Ognyan Kulev > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From bob.lord at gmail.com Wed Aug 20 19:32:47 2008 From: bob.lord at gmail.com (Bob Lord) Date: Wed, 20 Aug 2008 12:32:47 -0700 (PDT) Subject: [Pki-users] PKI RA cannot find Security Modules Message-ID: What's the bug number? /B On Wed, Aug 20, 2008 at 9:54 AM, Jack Magne wrote: > Ognyan: > > We have a bug for this that we are working on. > > As a quick workaround, you might try downgrading the package that contains > "modutil" to an earlier version. This would be "nss-tools". > > Ognyan Kulev wrote: >> >> Hi, >> >> In PKI RA installation wizard, no supported security modules are found: >> >> NSS Internal PKCS #11 Module ? ? ? Not Found ? ? ? ? ?nCipher's nFast >> Token Hardware Module ? ? Not Found ? ? ? ?SafeNet's LunaSA Token Hardware >> Module ? ? Not Found >> >> How to fix that? >> >> Regards, >> Ognyan Kulev >> >> _______________________________________________ >> Pki-users mailing list >> Pki-users at redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2316 bytes Desc: S/MIME Cryptographic Signature URL: From jmagne at redhat.com Wed Aug 20 22:08:49 2008 From: jmagne at redhat.com (Jack Magne) Date: Wed, 20 Aug 2008 15:08:49 -0700 Subject: [Pki-users] PKI RA cannot find Security Modules In-Reply-To: References: Message-ID: <48AC95F1.4030902@redhat.com> After getting my bugzilla password changed :) Bug # is 454565 thanks, jack Bob Lord wrote: > What's the bug number? > > /B > > > > > > On Wed, Aug 20, 2008 at 9:54 AM, Jack Magne wrote: >> Ognyan: >> >> We have a bug for this that we are working on. >> >> As a quick workaround, you might try downgrading the package that >> contains >> "modutil" to an earlier version. This would be "nss-tools". >> >> Ognyan Kulev wrote: >>> >>> Hi, >>> >>> In PKI RA installation wizard, no supported security modules are found: >>> >>> NSS Internal PKCS #11 Module Not Found nCipher's nFast >>> Token Hardware Module Not Found SafeNet's LunaSA Token >>> Hardware >>> Module Not Found >>> >>> How to fix that? >>> >>> Regards, >>> Ognyan Kulev >>> >>> _______________________________________________ >>> Pki-users mailing list >>> Pki-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-users >> >> _______________________________________________ >> Pki-users mailing list >> Pki-users at redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users >> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: From wprice at mitre.org Tue Aug 26 17:59:03 2008 From: wprice at mitre.org (Price, Bill) Date: Tue, 26 Aug 2008 13:59:03 -0400 Subject: [Pki-users] Modifying the caUserCert Profile to cause Firefox to generate certificate requests with EC keys? Message-ID: I would like to modify the caUserCert profile to so that the resulting certificate requests are for EC keys. The existing profile appears to be hardwired for an RSA key. I didn't find any documentation for EC keys. I would appreciate any information regarding how to cause a firefox browser to generate an ECC pair and submit it to the CA. If anyone has succeeded and would share the profile config file, I'd appreciate it. Some questions I have are: what is the keytype? (EC, ECC, ECDSA); What keylengths should be used (ECC lengths -256 or RSA equivalents)? Should the signing algorithm be changed? If so, what are the allowable names? Does anything else have to be changed such as the html templates or class files? Thanks. Bill Price -------------- next part -------------- An HTML attachment was scrubbed... URL: From ehansen at spyrus.com Wed Aug 27 17:57:15 2008 From: ehansen at spyrus.com (Ebbe Hansen) Date: Wed, 27 Aug 2008 10:57:15 -0700 Subject: [Pki-users] PKI RA cannot find Security Modules In-Reply-To: <48AC95F1.4030902@redhat.com> References: <48AC95F1.4030902@redhat.com> Message-ID: Any estimate on when this bug may be fixed? What would the version-number be for an earlier "nss_tools" package that will also work with the latest Fedora9 DogTag modules? Ebbe @ SPYRUS Inc. -----Original Message----- From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Jack Magne Sent: Wednesday, August 20, 2008 3:09 PM To: Bob Lord Cc: pki-users at redhat.com Subject: Re: [Pki-users] PKI RA cannot find Security Modules After getting my bugzilla password changed :) Bug # is 454565 thanks, jack Bob Lord wrote: > What's the bug number? > > /B > > > > > > On Wed, Aug 20, 2008 at 9:54 AM, Jack Magne wrote: >> Ognyan: >> >> We have a bug for this that we are working on. >> >> As a quick workaround, you might try downgrading the package that >> contains "modutil" to an earlier version. This would be "nss-tools". >> >> Ognyan Kulev wrote: >>> >>> Hi, >>> >>> In PKI RA installation wizard, no supported security modules are found: >>> >>> NSS Internal PKCS #11 Module Not Found nCipher's nFast >>> Token Hardware Module Not Found SafeNet's LunaSA Token >>> Hardware >>> Module Not Found >>> >>> How to fix that? >>> >>> Regards, >>> Ognyan Kulev >>> >>> _______________________________________________ >>> Pki-users mailing list >>> Pki-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-users >> >> _______________________________________________ >> Pki-users mailing list >> Pki-users at redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users >> >> > From jmagne at redhat.com Wed Aug 27 23:25:07 2008 From: jmagne at redhat.com (Jack Magne) Date: Wed, 27 Aug 2008 16:25:07 -0700 Subject: [Pki-users] PKI RA cannot find Security Modules In-Reply-To: References: <48AC95F1.4030902@redhat.com> Message-ID: <48B5E253.2080802@redhat.com> Ebbe: I will have to check with team mates on the exact time of fix for this. It is possible the fix is already in the tree, for which a compile of the proper component may work. As for a workaround nss-tools, try this: http://rpmfind.net//linux/RPM/fedora/8/i386/nss-tools-3.11.7-10.fc8.i386.html Download the rpm above on the F8 box. su rpm -ev --nodeps nss-tools Find your dowload: rpm -ihv nss-tools-3.11.7-10.fc8.i386.html Ebbe Hansen wrote: > Any estimate on when this bug may be fixed? > > What would the version-number be for an earlier "nss_tools" package that > will also work with the latest Fedora9 DogTag modules? > > Ebbe @ SPYRUS Inc. > > > -----Original Message----- > From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] > On Behalf Of Jack Magne > Sent: Wednesday, August 20, 2008 3:09 PM > To: Bob Lord > Cc: pki-users at redhat.com > Subject: Re: [Pki-users] PKI RA cannot find Security Modules > > After getting my bugzilla password changed :) Bug # is 454565 > > thanks, > jack > > Bob Lord wrote: > >> What's the bug number? >> >> /B >> >> >> >> >> >> On Wed, Aug 20, 2008 at 9:54 AM, Jack Magne wrote: >> >>> Ognyan: >>> >>> We have a bug for this that we are working on. >>> >>> As a quick workaround, you might try downgrading the package that >>> contains "modutil" to an earlier version. This would be "nss-tools". >>> >>> Ognyan Kulev wrote: >>> >>>> Hi, >>>> >>>> In PKI RA installation wizard, no supported security modules are >>>> > found: > >>>> NSS Internal PKCS #11 Module Not Found nCipher's >>>> > nFast > >>>> Token Hardware Module Not Found SafeNet's LunaSA Token >>>> Hardware >>>> Module Not Found >>>> >>>> How to fix that? >>>> >>>> Regards, >>>> Ognyan Kulev >>>> >>>> _______________________________________________ >>>> Pki-users mailing list >>>> Pki-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/pki-users >>>> >>> _______________________________________________ >>> Pki-users mailing list >>> Pki-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-users >>> >>> >>> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3237 bytes Desc: S/MIME Cryptographic Signature URL: