[Pki-users] Utimaco HSM "Not Found" problem

Michael StJohns msj at nthpermutation.com
Fri Apr 16 01:45:01 UTC 2010


Sorry - after I sent my earlier email I realized you probably 
encountered the same problem I did.

I need to report the bug to Utimaco/Sophos, but the driver on the 2.01 
disk for Linux appears to have problems finding the configuration file 
in the standard locations.  I'm not sure exactly what the problem is.  
You can duplicate this by clearing the CS2_PKCS11_INI environment 
variable, placing the cs2_pkcs11.ini file in one of the standard 
locations - e.g. /usr/etc/cs2_pkcs11.ini - and then running the modutil 
command again over a blank database and trying to add the module again. 
If you get the error CKR_FUNCTION_FAILED - it's the same issue.

Strangely enough, the config file is found, it's just not loaded for some 
reason.  (Do an 'strace' and look at the "access" calls).

Mike

On 4/15/2010 8:49 PM, Arshad Noor wrote:
> Hi,
>
> I've updated DogTag to the current modules available (FC11 x86_64):
>
>     dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
>     dogtag-pki-common-ui-1.3.1-1.fc11.noarch
>     dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>
>     pki-ca-1.3.3-1.fc11.noarch
>     pki-common-1.3.3-1.fc11.noarch
>     pki-console-1.3.1-1.fc11.noarch
>     pki-java-tools-1.3.1-1.fc11.noarch
>     pki-native-tools-1.3.0-5.fc11.x86_64
>     pki-selinux-1.3.4-1.fc11.noarch
>     pki-setup-1.3.4-1.fc11.noarch
>     pki-silent-1.3.2-1.fc11.noarch
>     pki-symkey-1.3.2-3.fc11.x86_64
>     pki-util-1.3.0-5.fc11.noarch
>
>
> I've installed and successfully tested a Utimaco CryptoServer HSM
> on the operating system, including adding it to secmod.db (in the
> /var/lib/subca01/alias directory), generating an RSA key-pair,
> issuing a self-signed and listing the objects using certutil (the
> attached hsm-config.txt file shows sample output).
>
> I've modified CS.cfg in /etc/subca01 to include this token (as the
> attached modules.txt file shows).
>
> I've even restarted pki-cad services after adding the HSM to secmod.db,
> to ensure that the DogTag code reads secmod.db with the CryptoServer
> configured in it.
>
> However, when it comes time to install a Subordinate CA, the KeyStore
> page claims that the Utimaco HSM is not found (see keystore-page.png)
> even though it is correctly listed on the page under "Supported
> Security Modules".
>
> What am I missing?
>
> How do I get DogTag to use the HSM to generate the key-pair?
>
> Thanks.
>
> Arshad Noor
> StrongAuth, Inc.
>    
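
A small parser for the strace check described in the message above, added here as an example (it is not part of the original post, nor Utimaco or Dogtag code): it picks the access/stat/open calls on cs2_pkcs11.ini out of strace output and reports whether the file was found but never opened. The sample trace is constructed; only /usr/etc/cs2_pkcs11.ini is a path named in the post.

```python
import re
from collections import defaultdict

CONFIG_NAME = "cs2_pkcs11.ini"  # file name from the post

# Constructed strace excerpt (not real driver output).
# Only /usr/etc/cs2_pkcs11.ini is a path taken from the post.
SAMPLE_TRACE = """\
access("/constructed/dir/cs2_pkcs11.ini", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/etc/cs2_pkcs11.ini", R_OK) = 0
open("/usr/lib/libexample.so", O_RDONLY) = 3
"""

# Matches e.g.  access("path", R_OK) = 0   or   openat(AT_FDCWD, "path", ...) = 3
CALL_RE = re.compile(
    r'\b(?P<call>access|stat|openat|open)\((?:AT_FDCWD, )?"(?P<path>[^"]*)"'
    r'.*\)\s*=\s*(?P<ret>-?\d+)'
)
PROBES = {"access", "stat"}  # existence checks, as opposed to opens


def summarize(trace, name=CONFIG_NAME):
    """Per config-file path: did a probe succeed, and was it ever opened?"""
    seen = defaultdict(lambda: {"found": False, "opened": False})
    for line in trace.splitlines():
        m = CALL_RE.search(line)
        if not m or m["path"].rsplit("/", 1)[-1] != name:
            continue
        ok = int(m["ret"]) >= 0  # strace prints -1 plus errno on failure
        entry = seen[m["path"]]
        if m["call"] in PROBES:
            entry["found"] |= ok
        elif ok:
            entry["found"] = entry["opened"] = True
    return dict(seen)


def verdict(trace, name=CONFIG_NAME):
    """Collapse the per-path summary into one diagnosis string."""
    paths = summarize(trace, name).values()
    if any(p["opened"] for p in paths):
        return "opened"
    if any(p["found"] for p in paths):
        return "found-but-not-opened"  # the symptom described in the post
    return "not-found"


if __name__ == "__main__":
    for path, state in summarize(SAMPLE_TRACE).items():
        print(path, state)
    print("verdict:", verdict(SAMPLE_TRACE))
```

A successful open only shows the file was read; a parse failure after the open would need a separate check.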
