Hello Martin,
I'm using Lineox, Do you think the problem starts
there? I have had a lot of problems trying to get it
working good with all the perl modules, but now I can
put it work without problems. The only thing, now is
the nCipher.
Which distro are you using?
Thanks,
Johnny
--- Johnny Gonzalez <[EMAIL PROTECTED]>
escribi�:
> Hello Martin,
>
> I did what you ask me to do, but the error remains
> the
> same. First I tryed using your token.xml fiel, and I
> changed the paths to the corresponding in my system.
> I
> don't know why it still says that the requested
> token
> is not configured and between parentheses appears
> OpenSSL.
>
> Configuration error: Cannot initialize cryptographic
> layer (configurationfile
> /usr/local/OpenCA/etc/token.xml)!The requested token
> is not configured (OpenSSL).
> Configuration error: 7123090
>
>
> and in the stderr.log file says:
>
> Logging is not initialized.
> Configuration error: Cannot initialize cryptographic
> layer (configurationfile
> /usr/local/OpenCA/etc/token.xml)!The requested token
> is not configured (OpenSSL).
> Configuration error: 7123090
> Compilation failed in require at ./openca_start line
> 62.
>
>
> Do we have to add any special directives to the
> openssl.cnf file?
>
>
> Johnny
>
>
> --- Martin Bartosch <[EMAIL PROTECTED]> escribi�:
> > Hi Johnny,
> >
> > > ./openca_start
> > > Configuration error: Cannot initialize
> > cryptographic
> > > layer (configurationfile
> > > /usr/local/OpenCA/etc/token.xml)!The requested
> > token
> > > is not configured (OpenSSL).
> > > Configuration error: 7123090
> > >
> > > What is it supossed to be in the configuration
> of
> > the
> > > OpenSSL token?
> >
> > It is not sufficient to have only one single token
> > in the token.xml
> > file. The token configuration is needed by many
> > parts of OpenCA, so
> > you need to define a software token that is
> > available to the system.
> >
> > My recommendation:
> > - start with the stock token.xml as shipped with
> > OpenCA
> > - change the preconfigured CA token configuration
> to
> > refer to
> > the nCipher token as in your current
> configuration
> > - make sure that the CA token is *not* the default
> > token, if necessary
> > copy a software token configuration and name it
> > "Software" and
> > point the Default token to it
> >
> > I am using the attached file successfully in a
> > production server
> > with a nShield module.
> >
> > Hope this helps.
> >
> > Martin
> >
> > > <openca>
> > <token_config>
> > <default_token>Software</default_token>
> > <token>
> > <name>Software</name>
> > <type>OpenSSL</type>
> > <!--
> > if the token support sessions then
> > you can use session and daemon too
> >
> > session - token will be logged out
> > at end of session
> > daemon - token will be only
> logged
> > out explicitly
> > -->
> > <mode>standby</mode>
> > <option>
> > <name>DEBUG</name>
> > <value>0</value>
> > </option>
> > <option>
> > <name>SHELL</name>
> >
> > <value>/usr/local/bin/openssl</value>
> > </option>
> > <option>
> > <name>WRAPPER</name>
> > <value></value>
> > </option>
> > <option>
> > <name>KEY</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/keys/cakey.pem</value>
> > </option>
> > <option>
> > <name>PASSWD_PARTS</name>
> > <value>1</value>
> > </option>
> > <option>
> > <name>PEM_CERT</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.pem</value>
> > </option>
> > <option>
> > <name>DER_CERT</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.der</value>
> > </option>
> > <option>
> > <name>TXT_CERT</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.txt</value>
> > </option>
> > <option>
> > <name>CHAIN</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/chain</value>
> > </option>
> > <option>
> > <name>OPENCA_SV</name>
> >
> > <value>/usr/local/bin/openca-sv</value>
> > </option>
> > <option>
> > <name>TMPDIR</name>
> >
> > <value>/usr/local/openca-0.9.2/var/tmp</value>
> > </option>
> > <option>
> > <name>CONFIG</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/etc/openssl/openssl.cnf</value>
> > </option>
> > <option>
> > <name>RANDFILE</name>
> >
> >
>
<value>/usr/local/openca-0.9.2/var/crypto/.rand</value>
> > </option>
> > <option>
> > <name>DEBUG</name>
> > <value>0</value>
> > </option>
> > </token>
> > <token>
> > <name>CA</name>
> > <type>nCipher</type>
> > <!--
> > if the token support sessions then
> > you can use session and daemon too
> >
> > session - token will be logged out
> > at end of session
> > daemon - token will be only
> logged
> > out explicitly
> > -->
> > <mode>standby</mode>
> > <option>
> > <name>DEBUG</name>
> > <value>0</value>
> > </option>
> > <option>
> > <name>SHELL</name>
> >
> > <value>/usr/local/bin/openssl</value>
> > </option>
> > <option>
> > <name>NFAST_HOME</name>
> > <value>/opt/nfast</value>
>
=== message truncated ===
______________________________________________
Renovamos el Correo Yahoo!: �250 MB GRATIS!
Nuevos servicios, m�s seguridad
http://correo.yahoo.es
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
