[Pki-users] Utimaco HSM "Not Found" problem

Arshad Noor arshad.noor at strongauth.com
Fri Apr 16 00:49:44 UTC 2010 

Hi,

I've updated DogTag to the current modules available (FC11 x86_64):

	dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
	dogtag-pki-common-ui-1.3.1-1.fc11.noarch
	dogtag-pki-console-ui-1.3.1-1.fc11.noarch

	pki-ca-1.3.3-1.fc11.noarch
	pki-common-1.3.3-1.fc11.noarch
	pki-console-1.3.1-1.fc11.noarch
	pki-java-tools-1.3.1-1.fc11.noarch
	pki-native-tools-1.3.0-5.fc11.x86_64
	pki-selinux-1.3.4-1.fc11.noarch
	pki-setup-1.3.4-1.fc11.noarch
	pki-silent-1.3.2-1.fc11.noarch
	pki-symkey-1.3.2-3.fc11.x86_64
	pki-util-1.3.0-5.fc11.noarch


I've installed and successfully tested a Utimaco CryptoServer HSM
on the operating system, including adding it to secmod.db (in the
/var/lib/subca01/alias directory), generating a RSA key-pair,
issuing a self-signed and listing the objects using certutil (the
attached hsm-config.txt file shows sample output).

I've modified CS.cfg in /etc/subca01 to include this token (as the
attached modules.txt file shows).

I've even restarted pki-cad services after adding the HSM to secmod.db,
to ensure that the DogTag code reads secmod.db with the CryptoServer
configured in it.

However, when it comes time to install a Subordinate CA, the KeyStore
page claims that the Utimaco HSM is not found (see keystore-page.png)
even though it is correctly listed on the page under "Supported
Security Modules".

What am I missing?

How do I get DogTag to use the HSM to generate the key-pair?

Thanks.

Arshad Noor
StrongAuth, Inc.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hsm-config.txt
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100415/eb939fad/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: modules.txt
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100415/eb939fad/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keystore-page.png
Type: image/png
Size: 169581 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100415/eb939fad/attachment.png>

More information about the Pki-users mailing list