Hello,
(kind Attn : Michael and Bahaa)
I am trying to use a Luna CA3 HSM with OpenCA.
My environment is as follows:
RedHat Linux 8.0
openssl-0.9.7b.tar
OpenCA-SNAP-20030429.tar
I have installed all Luna drivers and I am able to initialize, log in to & log out of the
token.
I installed OpenCA with the HSM options and DBI (MySQL options).
Through the 'ca' interface, I did:
1. Initialize database -> OK first time.
2. Login to HSM -> OK
3. Generate Secret Key -> OK (I saw that during my second try, the light on the HSM
was green and it took a lot of time for a 4096 bit key).
This created a file cakey.pem.
4. Generate CA Certificate Request (use generated secret key) -> FAILED
5. After this, I tried to reinitialize the database, and even this FAILED.
My debug outputs for the tasks are given below for your ref.
Am I doing it right? I am assuming this is how we have to generate the CA key/cert with
the HSM. Why is a file cakey.pem being created on the hard disk? I suppose for maximum
security, we should remove the -f option from HSM_GENKEY_CMD in the ca.conf file.
Please advise what may be going wrong.
Thanks & regards
Pramila
***********************************************************************************************************************
-------------------------------------------------------------
2. Login to HSM : OK
-------------------------------------------------------------
The login command is:
/usr/luna/bin/ca3util -o -s 1 -i 10:11
Run the command ... OK
-------------------------------------------------------------
3. Generate Secret Key : OK
-------------------------------------------------------------
Debugging is activated!
defining the class parameters
checking the configuration for enough data
preparing the database (vendor dependent)
mysql detected
DB: dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=1
connecting to database
try to connect
Checking AutoCommit to be off ...
AutoCommit is off
OpenCA::DBI should now complete
Content-type: text/html
Secret Key
-----BEGIN RSA PRIVATE KEY-----
MIICHQIBAAKCAgEA1vcooeVP95d6TVJtTggKL03h7HzeZ5KzC/TGjVRVZp1VbWUX
rbuenC1s10zf5+3siputzu0mkDQ6ItxWNoCz1MD
..
zfzvJ1czqf0rjH+eqczrKwM8pPhr1j/wrkThnolzRnMmCsRZBLFDO0Wyrk0CAQMC
AQECAQwCAQsCAQECAQECAQE=
-----END RSA PRIVATE KEY-----
OpenCA::DBI->commit
OpenCA::DBI automatic commit by destructor DESTROY
OpenCA::DBI->commit
-------------------------------------------------------------
4. Create Cert Request : FAILED
-------------------------------------------------------------
Debugging is activated!
defining the class parameters
checking the configuration for enough data
preparing the database (vendor dependent)
mysql detected
DB: dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=1
connecting to database
try to connect
Checking AutoCommit to be off ...
AutoCommit is off
OpenCA::DBI should now complete
Content-type: text/html OpenCA::DBI->rollback
Error 7211031
General Error.
Cannot initialize an new object of OpenCA::REQ.
([EMAIL PROTECTED], Etslt RootCA, Comt, Etslt, AE)
(Subject: [EMAIL PROTECTED], CN=Etslt RootCA, OU=Comt, O=Etslt, C=AE)
OpenCA::REQ->new: Cannot open infile
/usr/local/openca.0.9.1a/openca/var/crypto/reqs/careq.pem for reading..
© 1998-2002 by Massimiliano Pala and the OpenCA Group.
CA Manager - Version 0.9.1
OpenCA::DBI automatic commit by destructor DESTROY
OpenCA::DBI->commit
-------------------------------------------------------------
5. Initialize Database : (when trying to redo from scratch by initializing database
again)
-------------------------------------------------------------
Debugging is activated!
defining the class parameters
checking the configuration for enough data
preparing the database (vendor dependent)
mysql detected
DB: dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=1
connecting to database
try to connect
Checking AutoCommit to be off ...
AutoCommit is off
OpenCA::DBI should now complete
Content-type: text/html Entering Loop for different databases
Entering sub initDB MODE: NONE
force: 0
table: SEQUENCE
dsn: dbi:mysql:database=openca;host=localhost;port=3306;mysql_ssl=1 the folloing
debugging-output is for DB2
ld_library_path:
path:
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
libpath
classpath
Entering sub operateTable
build the create statements
create:create table openca_log_sequence ( my_identity BIGINT NOT NULL)
build the statement finally
statement: select * from openca_log_sequence
run the statement
### new function call ###
Entering sub doQuery
query: select * from openca_log_sequence
prepare statement
statement nr.: 1
execute statement
execute succeeded
### leaving function doQuery successfully ###
query succeeded return 1 (EXCEPT OF NEGATOR)
OpenCA::DBI->rollback
OpenCA::DBI->rollback
Error 690
Configuration Error.
Error while initializing the database..
© 1998-2002 by Massimiliano Pala and the OpenCA Group.
CA Manager - Version 0.9.1
OpenCA::DBI automatic commit by destructor DESTROY
OpenCA::DBI->commit
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users