[Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag

Jayakishore Thunga jayakishore.thunga at hotmail.com
Mon Aug 5 09:01:06 UTC 2013 

Hi ,
I am configuring external HSM called SoftHSM to certificate system. Here is my configuration DogTag 9.0Fedora 15
After pkicreate, i created softhsm entry into the db. Here are the details
[root at fed15vmnew alias]# modutil -dbdir . -nocertdb -listListing of PKCS #11 Modules-----------------------------------------------------------  1. NSS Internal PKCS #11 Module         slots: 2 slots attached        status: loaded
         slot: NSS Internal Cryptographic Services        token: NSS Generic Crypto Services
         slot: NSS User Private Key and Certificate Services        token: NSS Certificate DB
  2. SOFTHSM PKCS #11 Module        library name: /usr/lib/softhsm/libsofthsm.so         slots: 1 slot attached        status: loaded
         slot: SoftHSM        token: softhsm-----------------------------------------------------------

[root at fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module"-----------------------------------------------------------Name: SOFTHSM PKCS #11 ModuleLibrary file: /usr/lib/softhsm/libsofthsm.soManufacturer: SoftHSMDescription: Implementation of PKCS11PKCS #11 Version 2.20Library Version: 1.3Cipher Enable Flags: NoneDefault Mechanism Flags: RSA
  Slot: SoftHSM  Slot Mechanism Flags: RSA  Manufacturer: SoftHSM  Type: Software  Version Number: 1.3  Firmware Version: 1.3  Status: Enabled  Token Name: softhsm  Token Manufacturer: SoftHSM  Token Model: SoftHSM  Token Serial Number: 1  Token Version: 1.3  Token Firmware Version: 1.3  Access: NOT Write Protected  Login Type: Login required  User Pin: Initialized
/var/lib/pki-ca/conf/password.confadded this linehardware-softhsm=12345&Modified /var/lib/pki-ca/conf/serverCertNick.confsofthsm:Server-Cert cert-pki-ca
After this, configuration link doesn't open https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mgjpN14xJzgNR97RW7dtIf password.conf & serverCertNick.conf are unmodified then, configuration link opens and SoftHSM module is listed as Found, but doesn't allow to set it as default for the CA system.
Please help in setting up external HSM to be configured with certificate system.
Thanks,
Br,Kishore8105176926
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20130805/8b98f7ae/attachment.htm>

More information about the Pki-users mailing list