[Pki-users] Utimaco HSM "Not Found" problem

Arshad Noor arshad.noor at strongauth.com
Fri Apr 16 01:47:58 UTC 2010 

This is the only CA using the HSM.  The TEST Root was setup
using the Internal token.

Arshad Noor
StrongAuth, Inc.

Michael StJohns wrote:
> Any chance you're trying to use the same Slot for multiple CAs? The 
> module listing only shows a single slot.   It's possible/probable that 
> won't work.  Try initializing a second slot on the UT and try again.
> 
> Mike
> 
> 
> On 4/15/2010 8:49 PM, Arshad Noor wrote:
>> Hi,
>>
>> I've updated DogTag to the current modules available (FC11 x86_64):
>>
>>     dogtag-pki-ca-ui-1.3.1-1.fc11.noarch
>>     dogtag-pki-common-ui-1.3.1-1.fc11.noarch
>>     dogtag-pki-console-ui-1.3.1-1.fc11.noarch
>>
>>     pki-ca-1.3.3-1.fc11.noarch
>>     pki-common-1.3.3-1.fc11.noarch
>>     pki-console-1.3.1-1.fc11.noarch
>>     pki-java-tools-1.3.1-1.fc11.noarch
>>     pki-native-tools-1.3.0-5.fc11.x86_64
>>     pki-selinux-1.3.4-1.fc11.noarch
>>     pki-setup-1.3.4-1.fc11.noarch
>>     pki-silent-1.3.2-1.fc11.noarch
>>     pki-symkey-1.3.2-3.fc11.x86_64
>>     pki-util-1.3.0-5.fc11.noarch
>>
>>
>> I've installed and successfully tested a Utimaco CryptoServer HSM
>> on the operating system, including adding it to secmod.db (in the
>> /var/lib/subca01/alias directory), generating a RSA key-pair,
>> issuing a self-signed and listing the objects using certutil (the
>> attached hsm-config.txt file shows sample output).
>>
>> I've modified CS.cfg in /etc/subca01 to include this token (as the
>> attached modules.txt file shows).
>>
>> I've even restarted pki-cad services after adding the HSM to secmod.db,
>> to ensure that the DogTag code reads secmod.db with the CryptoServer
>> configured in it.
>>
>> However, when it comes time to install a Subordinate CA, the KeyStore
>> page claims that the Utimaco HSM is not found (see keystore-page.png)
>> even though it is correctly listed on the page under "Supported
>> Security Modules".
>>
>> What am I missing?
>>
>> How do I get DogTag to use the HSM to generate the key-pair?
>>
>> Thanks.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>   
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list