[Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
John Magne
jmagne at redhat.com
Mon Aug 5 17:18:43 UTC 2013
You should get to a screen on the wizard that asks you to choose a module?
You are not seeing this?
Take a look at the end of the log file /var/lib/pki-ca/logs/debug and see if anything sticks out with respect to your token.
Also, you might want to run through a test installation with the internal module just to see if you can get a regular CA running ok.
thanks,
jack
----- Original Message -----
From: "Jayakishore Thunga" <jayakishore.thunga at hotmail.com>
To: pki-users at redhat.com
Sent: Monday, August 5, 2013 2:01:06 AM
Subject: [Pki-users] Configuring external PKCS#11 Module (softhsm) with DogTag
Hi ,
I am configuring an external HSM called SoftHSM for the certificate system. Here is my configuration:
DogTag 9.0
Fedora 15
After pkicreate, I created a softhsm entry in the db. Here are the details:
[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. SOFTHSM PKCS #11 Module
library name: /usr/lib/softhsm/libsofthsm.so
slots: 1 slot attached
status: loaded
slot: SoftHSM
token: softhsm
-----------------------------------------------------------
[root@fed15vmnew alias]# modutil -dbdir . -nocertdb -list "SOFTHSM PKCS #11 Module"
-----------------------------------------------------------
Name: SOFTHSM PKCS #11 Module
Library file: /usr/lib/softhsm/libsofthsm.so
Manufacturer: SoftHSM
Description: Implementation of PKCS11
PKCS #11 Version 2.20
Library Version: 1.3
Cipher Enable Flags: None
Default Mechanism Flags: RSA
Slot: SoftHSM
Slot Mechanism Flags: RSA
Manufacturer: SoftHSM
Type: Software
Version Number: 1.3
Firmware Version: 1.3
Status: Enabled
Token Name: softhsm
Token Manufacturer: SoftHSM
Token Model: SoftHSM
Token Serial Number: 1
Token Version: 1.3
Token Firmware Version: 1.3
Access: NOT Write Protected
Login Type: Login required
User Pin: Initialized
/var/lib/pki-ca/conf/password.conf
added this line
hardware-softhsm=12345
&
Modified /var/lib/pki-ca/conf/serverCertNick.conf
softhsm:Server-Cert cert-pki-ca
After this, configuration link doesn't open https://fed15vmnew.newnet.local:9445/ca/admin/console/config/login?pin=mgjpN14xJzgNR97RW7dt
If password.conf & serverCertNick.conf are unmodified then, configuration link opens and SoftHSM module is listed as Found, but doesn't allow to set it as default for the CA system.
Please help in setting up external HSM to be configured with certificate system.
Thanks,
Br,
Kishore
8105176926
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
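An added example, not part of the original messages and not Dogtag code: a small Python check that the token name reported by modutil, the hardware-<token> entry in password.conf and the <token>:<nickname> prefix in serverCertNick.conf all agree. The sample inputs are constructed from the values quoted in the post (the modutil listing is abridged), and exact, case-sensitive name matching is an assumption of this sketch.

```python
import re

# Constructed sample inputs, taken from the values quoted in the post.
MODUTIL_LIST = """\
1. NSS Internal PKCS #11 Module
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. SOFTHSM PKCS #11 Module
library name: /usr/lib/softhsm/libsofthsm.so
slot: SoftHSM
token: softhsm
"""
PASSWORD_CONF = "hardware-softhsm=12345\n"
SERVER_CERT_NICK = "softhsm:Server-Cert cert-pki-ca\n"


def modutil_tokens(listing):
    """Return the token names from the 'token:' lines of `modutil -list`."""
    return [m.group(1).strip()
            for m in re.finditer(r"^[ \t]*token:[ \t]*(.+)$", listing, re.M)]


def password_tokens(conf):
    """Return token names that have a hardware-<token>=<pin> entry."""
    names = []
    for line in conf.splitlines():
        key, sep, _pin = line.partition("=")  # the PIN itself is never used
        if sep and key.strip().startswith("hardware-"):
            names.append(key.strip()[len("hardware-"):])
    return names


def check(listing, password_conf, nick_conf):
    """List name mismatches between the three sources; [] means consistent."""
    tokens = modutil_tokens(listing)
    pins = password_tokens(password_conf)
    problems = [f"password.conf: no token named {n!r}" for n in pins if n not in tokens]
    # A nickname without a "token:" prefix is not on an external token.
    token, sep, _nick = nick_conf.strip().partition(":")
    if sep and token not in tokens:
        problems.append(f"serverCertNick.conf: no token named {token!r}")
    if sep and token not in pins:
        problems.append(f"no hardware-{token} PIN in password.conf")
    return problems
```

On the values quoted in the post, check() returns an empty list, meaning the three names are consistent with each other.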