[Pki-users] CS 8.0: Cannot Complete CA Cloning Wizard Using nCipher netHSM
Patrick.Raspante at gdc4s.com
Patrick.Raspante at gdc4s.com
Sun Sep 25 14:18:52 UTC 2011
Given a Master CA with existing keys in an ncipher netHSM:
>From Guide:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/In
stall_Guide/cloning-a-ca.html
Documentation says there need not be any extra intervention to export
and import HSM keys if the new Clone resides on the same server as the
Master:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/In
stall_Guide/exporting-keys.html
Cannot get past step 10. Leaving the p12 path and p12 password fields
blank (do no import p12's) results in an end of file sax parse error.
Tried feeding the wizard a dummy p12. Get an error message "Clone is not
ready". Debug log files reveals that not all require certificates have
been imported.
Also worth noting that before running the Clone Wizard:
# cd /var/lib/CLONE-CA/alias
# modutil -dbdir . -list
--The netHSM module is listed
# certutil -L -d . -h <token-name>
--Lists all of MASTER-CA's certificates/keys are available.
Has anyone identified a workaround for this?
Thanks
-pwr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20110925/c0fd6198/attachment.htm>
More information about the Pki-users
mailing list