Hello Martin,
I triple checked my token.xml, as you told me ;-), and
you were right the were syntactical errors, Now I'm
getting this error message in the console:
./openca_start
Configuration error: Cannot initialize cryptographic
layer (configurationfile
/usr/local/OpenCA/etc/token.xml)!The requested token
is not configured (OpenSSL).
Configuration error: 7123090
and the var/log/sterr.log looks like this:
Configuration error: Cannot initialize cryptographic
layer (configurationfile
/usr/local/OpenCA/etc/token.xml)!The requested token
is not configured (OpenSSL).
Configuration error: 7123090
Compilation failed in require at ./openca_start line
62.
Logging is not initialized.
Configuration error: Cannot initialize cryptographic
layer (configurationfile
/usr/local/OpenCA/etc/token.xml)!The requested token
is not configured (OpenSSL).
Configuration error: 7123090
Compilation failed in require at ./openca_start line
62.
What is it supossed to be in the configuration of the
OpenSSL token?
I made a little change, I delete all tokens, but not
the CA token (nCipher) and I'm getting the same error
Message.
My new token.xml file is attached to this email
message.
Thanks a lot,
Johnny
PD: the reduce version of the token.xml file I told
you is this:
<openca>
<token_config>
<default_token>CA</default_token>
<token>
<name>CA</name>
<type>nCipher</type>
<!--
if the token support sessions then you
can use session and daemon too
session - token will be logged out at
end of session
daemon - token will be only logged
out explicitly
-->
<mode>session</mode>
<option>
<name>SHELL</name>
<value>/usr/bin/openssl</value>
</option>
<option>
<name>NFAST_HOME</name>
<value>/opt/nfast</value>
</option>
<option>
<name>WRAPPER</name>
<value>/opt/nfast/bin/with-nfast
-M</value>
</option>
<option>
<name>KEY</name>
<value>rsa-rootkey</value>
</option>
<option>
<name>PASSWD_PARTS</name>
<value>1</value>
</option>
<option>
<name>PEM_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.pem</value>
</option>
<option>
<name>DER_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.der</value>
</option>
<option>
<name>TXT_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.txt</value>
</option>
<option>
<name>CHAIN</name>
<value>/usr/local/OpenCA/var/crypto/chain</value>
</option>
<option>
<name>OPENCA_SV</name>
<value>/usr/local/bin/openca-sv</value>
</option>
<option>
<name>TMPDIR</name>
<value>/usr/local/OpenCA/var/tmp</value>
</option>
<option>
<name>CONFIG</name>
<value>/usr/local/OpenCA/etc/openssl/openssl.cnf</value>
</option>
<option>
<name>RANDFILE</name>
<value>/usr/local/OpenCA/var/crypto/.rand</value>
</option>
<option>
<name>DEBUG</name>
<value>1</value>
</option>
</token>
</token_config>
</openca>
--- Martin Bartosch <[EMAIL PROTECTED]> escribi�:
> Hi Johnny,
>
> >> you have a syntax error in your token.xml
> >> configuration file.
> >> Remove the extra <option> tag preceding the
> >> NFAST_HOME entry.
> >
> > Done, but the error message remains the same :-(
> > What do you think the problem is?
>
> the error you found in the log file indicates a
> configuration error
> in the token.xml file. In particular - as it says in
> the log file
> and in the documentation - the NFAST_HOME option was
> not defined.
>
> This error is *only* generated if the nCipher module
> does not
> find its NFAST_HOME option, so the best start is to
> have a triple
> check on your token.xml file syntax.
>
> Please make sure that your token.xml file is
> syntactically AND
> semantically correct. OpenCA will complain about
> syntax errors,
> but you are on your own on semantics.
>
> The reason OpenCA started with your token.xml is
> that it is valid
> XML but the entities may not be in the correct
> level:
>
> From your config file:
> <option>
> <name>SHELL</name>
> <value>/usr/bin/openssl</value>
> </option>
> <option> !!!!!!!!!!!!!
> <option>
> <name>NFAST_HOME</name>
> <value>/opt/nfast</value>
> </option> !!!!!!!!!!!!!!
> <name>WRAPPER</name>
> <value>/opt/nfast/bin/with-nfast
> -M</value>
> </option>
>
> Did you correct these errors? Did the error messages
> in the log
> change?
>
> BTW: you should not make nCipher the default token,
> instead use
> the OpenSSL token for this. Use nCipher as CA token
> instead.
>
> cheers
>
> Martin
>
>
>
>
-------------------------------------------------------
> The SF.Net email is sponsored by: Beat the
> post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt
> from ThinkGeek.
> It's fun and FREE -- well,
> almost....http://www.thinkgeek.com/sfshirt
> _______________________________________________
> Openca-Users mailing list
> [email protected]
>
https://lists.sourceforge.net/lists/listinfo/openca-users
>
______________________________________________
Renovamos el Correo Yahoo!: �250 MB GRATIS!
Nuevos servicios, m�s seguridad
http://correo.yahoo.es<openca>
<token_config>
<default_token>CA</default_token>
<token>
<name>CA</name>
<type>nCipher</type>
<!--
if the token support sessions then you can use session and daemon too
session - token will be logged out at end of session
daemon - token will be only logged out explicitly
-->
<mode>session</mode>
<option>
<name>SHELL</name>
<value>/usr/bin/openssl</value>
</option>
<option>
<name>NFAST_HOME</name>
<value>/opt/nfast</value>
</option>
<option>
<name>WRAPPER</name>
<value>/opt/nfast/bin/with-nfast -M</value>
</option>
<option>
<name>KEY</name>
<value>rsa-rootkey</value>
</option>
<option>
<name>PASSWD_PARTS</name>
<value>1</value>
</option>
<option>
<name>PEM_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.pem</value>
</option>
<option>
<name>DER_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.der</value>
</option>
<option>
<name>TXT_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/cacert.txt</value>
</option>
<option>
<name>CHAIN</name>
<value>/usr/local/OpenCA/var/crypto/chain</value>
</option>
<option>
<name>OPENCA_SV</name>
<value>/usr/local/bin/openca-sv</value>
</option>
<option>
<name>TMPDIR</name>
<value>/usr/local/OpenCA/var/tmp</value>
</option>
<option>
<name>CONFIG</name>
<value>/usr/local/OpenCA/etc/openssl/openssl.cnf</value>
</option>
<option>
<name>RANDFILE</name>
<value>/usr/local/OpenCA/var/crypto/.rand</value>
</option>
<option>
<name>DEBUG</name>
<value>1</value>
</option>
</token>
<token>
<name>BP</name>
<type>OpenSSL</type>
<mode>standby</mode>
<option>
<name>SHELL</name>
<value>/usr/bin/openssl</value>
</option>
<option>
<name>WRAPPER</name>
<value></value>
</option>
<option>
<name>KEY</name>
<value>/usr/local/OpenCA/var/crypto/keys/bp_key.pem</value>
</option>
<option>
<name>PASSWD_PARTS</name>
<value>1</value>
</option>
<option>
<name>PEM_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/bp_cert.pem</value>
</option>
<option>
<name>OPENCA_SV</name>
<value>/usr/local/bin/openca-sv</value>
</option>
<option>
<name>TMPDIR</name>
<value>/usr/local/OpenCA/var/tmp</value>
</option>
<option>
<name>CONFIG</name>
<value>/usr/local/OpenCA/etc/openssl/openssl.cnf</value>
</option>
<option>
<name>RANDFILE</name>
<value>/usr/local/OpenCA/var/crypto/.rand</value>
</option>
<option>
<name>DEBUG</name>
<value>0</value>
</option>
</token>
<token>
<name>KEYBACKUP</name>
<type>OpenSSL</type>
<mode>standby</mode>
<option>
<name>SHELL</name>
<value>/usr/bin/openssl</value>
</option>
<option>
<name>WRAPPER</name>
<value></value>
</option>
<option>
<name>KEY</name>
<value>/usr/local/OpenCA/var/crypto/keys/keybackup_key.pem</value>
</option>
<option>
<name>PASSWD_PARTS</name>
<value>1</value>
</option>
<option>
<name>PEM_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/keybackup_cert.pem</value>
</option>
<option>
<name>OPENCA_SV</name>
<value>/usr/local/bin/openca-sv</value>
</option>
<option>
<name>TMPDIR</name>
<value>/usr/local/OpenCA/var/tmp</value>
</option>
<option>
<name>CONFIG</name>
<value>/usr/local/OpenCA/etc/openssl/openssl.cnf</value>
</option>
<option>
<name>RANDFILE</name>
<value>/usr/local/OpenCA/var/crypto/.rand</value>
</option>
<option>
<name>DEBUG</name>
<value>0</value>
</option>
</token>
<token>
<name>LOG</name>
<type>OpenSSL</type>
<!--
if the token support sessions then you can use session and daemon too
session - token will be logged out at end of session
daemon - token will be only logged out explicitly
-->
<mode>standby</mode>
<option>
<name>SHELL</name>
<value>/usr/bin/openssl</value>
</option>
<option>
<name>WRAPPER</name>
<value></value>
</option>
<option>
<name>KEY</name>
<value>/usr/local/OpenCA/var/crypto/keys/log_key.pem</value>
</option>
<option>
<name>PASSWD_PARTS</name>
<value>1</value>
</option>
<option>
<name>PEM_CERT</name>
<value>/usr/local/OpenCA/var/crypto/cacerts/log_cert.pem</value>
</option>
<option>
<name>CHAIN</name>
<value>/usr/local/OpenCA/var/crypto/chain</value>
</option>
<option>
<name>OPENCA_SV</name>
<value>/usr/local/bin/openca-sv</value>
</option>
<option>
<name>TMPDIR</name>
<value>/usr/local/OpenCA/var/tmp</value>
</option>
<option>
<name>CONFIG</name>
<value>/usr/local/OpenCA/etc/openssl/openssl.cnf</value>
</option>
<option>
<name>RANDFILE</name>
<value>/usr/local/OpenCA/var/crypto/.rand</value>
</option>
<option>
<name>DEBUG</name>
<value>0</value>
</option>
</token>
</token_config>
</openca>
