[Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
Jayakishore Thunga
jayakishore.thunga at hotmail.com
Mon Aug 5 09:01:06 UTC 2013
Hi,

I am configuring an external HSM called SoftHSM with the certificate system. Here is my configuration:
DogTag 9.0
Fedora 15

After pkicreate, I created a softhsm entry in the db. Here are the details:

[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB

  2. SOFTHSM PKCS #11 Module
        library name: /usr/lib/softhsm/libsofthsm.so
         slots: 1 slot attached
        status: loaded

         slot: SoftHSM
        token: softhsm
-----------------------------------------------------------

[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module"
-----------------------------------------------------------
Name: SOFTHSM PKCS #11 Module
Library file: /usr/lib/softhsm/libsofthsm.so
Manufacturer: SoftHSM
Description: Implementation of PKCS11
PKCS #11 Version 2.20
Library Version: 1.3
Cipher Enable Flags: None
Default Mechanism Flags: RSA

  Slot: SoftHSM
  Slot Mechanism Flags: RSA
  Manufacturer: SoftHSM
  Type: Software
  Version Number: 1.3
  Firmware Version: 1.3
  Status: Enabled
  Token Name: softhsm
  Token Manufacturer: SoftHSM
  Token Model: SoftHSM
  Token Serial Number: 1
  Token Version: 1.3
  Token Firmware Version: 1.3
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

/var/lib/pki-ca/conf/password.conf
added this line
hardware-softhsm=12345
&
Modified /var/lib/pki-ca/conf/serverCertNick.conf
softhsm:Server-Cert cert-pki-ca

After this, the configuration link doesn't open:
https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mgjpN14xJzgNR97RW7dt

If password.conf & serverCertNick.conf are unmodified, then the configuration link opens and the SoftHSM module is listed as Found, but it doesn't allow setting it as default for the CA system.

Please help in setting up external HSM to be configured with certificate system.
Thanks,
Br,
Kishore
8105176926