Hello Martin,
I did what you ask me to do, but the error remains the
same. First I tryed using your token.xml fiel, and I
changed the paths to the corresponding in my system. I
don't know why it still says that the requested token
is not configured and between parentheses appears
OpenSSL.
Configuration error: Cannot initialize cryptographic
layer (configurationfile
/usr/local/OpenCA/etc/token.xml)!The requested token
is not configured (OpenSSL).
Configuration error: 7123090
and in the stderr.log file says:
Logging is not initialized.
Configuration error: Cannot initialize cryptographic
layer (configurationfile
/usr/local/OpenCA/etc/token.xml)!The requested token
is not configured (OpenSSL).
Configuration error: 7123090
Compilation failed in require at ./openca_start line
62.
Do we have to add any special directives to the
openssl.cnf file?
Johnny
--- Martin Bartosch <[EMAIL PROTECTED]> escribi�:
> Hi Johnny,
>
> > ./openca_start
> > Configuration error: Cannot initialize
> cryptographic
> > layer (configurationfile
> > /usr/local/OpenCA/etc/token.xml)!The requested
> token
> > is not configured (OpenSSL).
> > Configuration error: 7123090
> >
> > What is it supossed to be in the configuration of
> the
> > OpenSSL token?
>
> It is not sufficient to have only one single token
> in the token.xml
> file. The token configuration is needed by many
> parts of OpenCA, so
> you need to define a software token that is
> available to the system.
>
> My recommendation:
> - start with the stock token.xml as shipped with
> OpenCA
> - change the preconfigured CA token configuration to
> refer to
> the nCipher token as in your current configuration
> - make sure that the CA token is *not* the default
> token, if necessary
> copy a software token configuration and name it
> "Software" and
> point the Default token to it
>
> I am using the attached file successfully in a
> production server
> with a nShield module.
>
> Hope this helps.
>
> Martin
>
> > <openca>
> <token_config>
> <default_token>Software</default_token>
> <token>
> <name>Software</name>
> <type>OpenSSL</type>
> <!--
> if the token support sessions then
> you can use session and daemon too
>
> session - token will be logged out
> at end of session
> daemon - token will be only logged
> out explicitly
> -->
> <mode>standby</mode>
> <option>
> <name>DEBUG</name>
> <value>0</value>
> </option>
> <option>
> <name>SHELL</name>
>
> <value>/usr/local/bin/openssl</value>
> </option>
> <option>
> <name>WRAPPER</name>
> <value></value>
> </option>
> <option>
> <name>KEY</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/keys/cakey.pem</value>
> </option>
> <option>
> <name>PASSWD_PARTS</name>
> <value>1</value>
> </option>
> <option>
> <name>PEM_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.pem</value>
> </option>
> <option>
> <name>DER_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.der</value>
> </option>
> <option>
> <name>TXT_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.txt</value>
> </option>
> <option>
> <name>CHAIN</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/chain</value>
> </option>
> <option>
> <name>OPENCA_SV</name>
>
> <value>/usr/local/bin/openca-sv</value>
> </option>
> <option>
> <name>TMPDIR</name>
>
> <value>/usr/local/openca-0.9.2/var/tmp</value>
> </option>
> <option>
> <name>CONFIG</name>
>
>
<value>/usr/local/openca-0.9.2/etc/openssl/openssl.cnf</value>
> </option>
> <option>
> <name>RANDFILE</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/.rand</value>
> </option>
> <option>
> <name>DEBUG</name>
> <value>0</value>
> </option>
> </token>
> <token>
> <name>CA</name>
> <type>nCipher</type>
> <!--
> if the token support sessions then
> you can use session and daemon too
>
> session - token will be logged out
> at end of session
> daemon - token will be only logged
> out explicitly
> -->
> <mode>standby</mode>
> <option>
> <name>DEBUG</name>
> <value>0</value>
> </option>
> <option>
> <name>SHELL</name>
>
> <value>/usr/local/bin/openssl</value>
> </option>
> <option>
> <name>NFAST_HOME</name>
> <value>/opt/nfast</value>
> </option>
> <option>
> <name>WRAPPER</name>
> <value></value>
> </option>
> <option>
> <name>KEY</name>
> <value>rsa-uatlevel2key01</value>
> </option>
> <option>
> <name>PASSWD_PARTS</name>
> <value>1</value>
> </option>
> <option>
> <name>PEM_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.pem</value>
> </option>
> <option>
> <name>DER_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.der</value>
> </option>
> <option>
> <name>TXT_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.txt</value>
> </option>
> <option>
> <name>CHAIN</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/chain</value>
> </option>
> <option>
> <name>OPENCA_SV</name>
>
> <value>/usr/local/bin/openca-sv</value>
> </option>
> <option>
> <name>TMPDIR</name>
>
> <value>/usr/local/openca-0.9.2/var/tmp</value>
> </option>
> <option>
> <name>CONFIG</name>
>
>
<value>/usr/local/openca-0.9.2/etc/openssl/openssl.cnf</value>
> </option>
> <option>
> <name>RANDFILE</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/.rand</value>
> </option>
> <option>
> <name>DEBUG</name>
> <value>0</value>
> </option>
> </token>
> <token>
> <name>BP</name>
> <type>OpenSSL</type>
> <mode>standby</mode>
> <option>
> <name>SHELL</name>
>
> <value>/usr/local/bin/openssl</value>
> </option>
> <option>
> <name>WRAPPER</name>
> <value></value>
> </option>
> <option>
> <name>KEY</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/keys/bp_key.pem</value>
> </option>
> <option>
> <name>PASSWD_PARTS</name>
> <value>1</value>
> </option>
> <option>
> <name>PEM_CERT</name>
>
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/bp_cert.pem</value>
> </option>
> <option>
> <name>OPENCA_SV</name>
>
> <value>/usr/local/bin/openca-sv</value>
> </option>
> <option>
> <name>TMPDIR</name>
>
> <value>/usr/local/openca-0.9.2/var/tmp</value>
>
=== message truncated ===
______________________________________________
Renovamos el Correo Yahoo!: �250 MB GRATIS!
Nuevos servicios, m�s seguridad
http://correo.yahoo.es
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
