Hi, while trying to get OpenCA going with my shiny nCipher module I am experiencing some weird problems concerning configuration.
In order to access the module I changed the 'openssl_engine' configuration value in config.xml:

    <!-- =========== -->
    <!-- HSM support -->
    <!-- =========== -->
    <option>
        <name>openssl_engine</name>
        <value>chil -keyform e</value>
    </option>
    <option>
        <name>hsm_utility</name>
        <value></value>
    </option>
    <option>
        <name>hsm_slot</name>
        <value></value>
    </option>
    <option>
        <name>appid</name>
        <value></value>
    </option>

Then I modified token.xml. In particular I added a WRAPPER (thanks, Michael) and changed the KEY value to reference the key name that already exists in the HSM module.

    <openca>
      <token_config>
        <default_token>CA</default_token>
        <token>
          <name>CA</name>
          <type>OpenSSL</type>
          <!--
            if the token support sessions then you can use session and daemon too
            session - token will be logged out at end of session
            daemon - token will be only logged out explicitly
          -->
          <mode>standby</mode>
          <option>
            <name>SHELL</name>
            <value>/usr/local/ssl/bin/openssl</value>
          </option>
          <option>
            <name>WRAPPER</name>
            <value>/opt/nfast/bin/with-nfast -M</value>
          </option>
          <option>
            <name>KEY</name>
            <value>rsa-sslca</value>
          </option>
          <option>
            <name>PASSWD_PARTS</name>
            <value>1</value>
          </option>
    [...]

After running configure_etc.sh the corresponding etc/servers/ca.conf file reads:

    [...]
    ## Crypto Section
    ## ==============
    openssl "/usr/local/ssl/bin/openssl"
    [...]
    ## HSM configuration
    ## =================
    ## Example: LunaCA3
    ## opensslEngine "LunaCA3"
    ## opensslEngineArg "-enginearg 1:10:11"
    opensslEngine "chil -keyform e"
    opensslEngineArg "-enginearg :@hsm_appid@"
    HSM_LOGIN_CMD " -o -s -i @hsm_appid@"
    HSM_LOGOUT_CMD " -c -s -i @hsm_appid@"
    HSM_GENKEY_CMD " -s -i @hsm_appid@ -g @__BITS__@ -f @__OUTFILE__@"

I know that the above opensslEngineArg is not suitable for my HSM, but it DOES exist. However, when starting the OpenCA server it does not seem to find this configuration entry. (It reads the opensslEngine variable without problems.) It seems that the opensslEngineArg parameter is simply ignored.

    # ./openca_start
    Content-Type: text/html

    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="C"><head><title>Configuration Error</title>
    </head><body bgcolor="#FFFFFF"><CENTER><BR><HR WIDTH=80%><BR></CENTER><OL><OL><H1><FONT COLOR=red>Error 690</FONT></H1><OL>
    <B>Configuration Error</B>. Missing Configuration Keyword : opensslEngineArg.</OL></OL></OL>
    </PRE><CENTER><HR WIDTH=80%></CENTER>
    <FONT SIZE="+0">
    </BODY>
    </HTML>
    OpenCA: Error Trapped: Missing Configuration Keyword : opensslEngineArg at /usr/lib/perl5/site_perl/5.8.0/OpenCA/UI/HTML.pm line 147.
    Compilation failed in require at ./openca_start line 62.

I am a bit lost in the depths of OpenCA's Perl guts. Can anybody with more insight help me?

Cheers,
Martin