[Pki-users] Error 7 in SOkey enrollment

John Magne jmagne at redhat.com
Mon Jul 13 20:54:37 UTC 2009


Oh: OK, thanks.

So it's probably not an token or applet issue. In this case you might want to inspect your TPS's CS.cfg. Compare the entries for "userKey" which is the regular user with the ones for "soKey" and look for differences.

----- Original Message -----
From: "Julius-p99373 Adewumi" <Julius.Adewumi at gdc4s.com>
To: "John Magne" <jmagne at redhat.com>
Cc: pki-users at redhat.com
Sent: Monday, July 13, 2009 1:40:47 PM GMT -08:00 US/Canada Pacific
Subject: RE: [Pki-users] Error 7 in SOkey enrollment


 They are Gemalto smartcards. I can enroll users successfully, but to
enroll security officer (SO) who is capable of managing user-tokens is
the problem. 


From: Julius Adewumi



-----Original Message-----
From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com]
On Behalf Of John Magne
Sent: Monday, July 13, 2009 12:53 PM
To: Adewumi, Julius-p99373
Cc: pki-users at redhat.com
Subject: Re: [Pki-users] Error 7 in SOkey enrollment


Just curious, what type of token are you trying?


----- Original Message -----
From: "Julius-p99373 Adewumi" <Julius.Adewumi at gdc4s.com>
To: pki-users at redhat.com
Sent: Monday, July 13, 2009 10:15:46 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-users] Error 7 in SOkey enrollment


Error 7 in SOkey enrollment 

Has anyone familiarity with the following VFY_CreateContext() failure or
the verifyProof failure who can shed some light on what is going on,
config or software release version --suspect is certEnroll()? 
Here is a section of the log: 

-------------------------------------------
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
Successfully read public key buffer
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
public_key = (length='271')
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 00 8b
00 01 04 00 00 80 8d aa
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - cc 88
8d f5 b5 ae 93 72 9c ec
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 60 c7
3c a8 65 f8 09 62 65 b7
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 95 8a
fe 5e 75 7e 00 2c ad 06
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 15 c3
ad 3f 96 39 c9 78 d8 73
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 07 92
3e 39 d9 3e 88 63 3b 18
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - de 76
6d 33 ec 49 53 25 ce 9c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 5b 55
70 fe 4b 60 a0 f9 8a 75
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 29 9e
90 ac 87 9e fc 2b 1a 55
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - c9 04
00 21 ea 5c e1 f0 2f 0d
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 72 49
38 47 96 51 3d f2 ab 06
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 6e 9f
e8 93 e6 22 9b dc ab 3a
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - eb 80
d1 8d 5b 68 b1 6f 66 1b
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 3a 3d
5d 75 e9 87 00 03 01 00
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 01 00
80 5f a0 76 96 30 ff 55
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - db d5
4e b5 ed 4e 82 c9 8c d9
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - a7 56
0b bd fd e7 b2 34 c9 50
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - fa 2a
19 88 99 89 a6 80 39 5c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - ed 89
a8 c8 17 52 b7 04 eb 25
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 91 b9
35 bd d9 e8 6e 5c 0b 7c
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 0a 80
bd 3f fc f4 20 a8 b6 61
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 49 0b
9f 0e c6 8b a5 8c 60 e7
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - d2 46
91 86 93 2f 6c 9d 56 62
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 30 33
79 84 ba 4d b5 60 14 87
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 03 8d
cd 17 85 a0 bc 02 21 ff
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 5c fe
71 cf fd f2 2b 7f 68 bb
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 1e 38
26 33 96 ff e2 48 66 ef
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - 57
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment -
challenge size=16
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - challenge =
(length='16')
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - c9 1f 72 35
21 17 90 5a ed ce
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::process - dd a5 c6 9d
ad 51
[2009-07-01 16:35:52] b5b5710 AP_Session::WriteMsg - Sent
's=69&msg_type=14&current_state=73&next_task_name=PROGRESS_PARSE_PUBLIC_
KEY' 

[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - About
to Parse Public Key
[2009-07-01 16:35:52] b5b5710 CertEnroll::verifyProof -
VFY_CreateContext() failed
[2009-07-01 16:35:52] b5b5710 CertEnroll::ParsePublicKeyBlob - verify
proof failed
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::DoEnrollment - Failed
to parse public key
[2009-07-01 16:35:52] b5b5710 RA_Enroll_Processor::GenerateCertificate -
Got a status error from DoEnrollment: 7
[2009-07-01 16:35:53] b5b5710 AP_Session::WriteMsg - Sent
's=42&msg_type=13&operation=1&result=1&message=7' 


---------------------------------------- 

The config seems to show that Private Key is to be generated on the
Token for SO mode (Security Officer Mode enrollment). It is during this
Private Key generation that this failure occurs each time. Any input
will help. The lkast line of the log is where Error 7 was spawned. 


From: Julius Adewumi
@GDC4S.com
Ph:480-441-6768
Contract Corp:MTSI 

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users




More information about the Pki-users mailing list