Hello Martin,
I have great news, I could finally start OpenCA using
nCipher, but now there's another problem. When I try
to create the secret key (Step 2 phase I) appears this
error message:
OpenCA::Token::OpenSSL->Verify if key ocs object hash
is preloaded
OpenCA::Token::OpenSSL->Object is not preloaded, key
is not usable
OpenCA::Token::OpenSSL->nCipher HSM online check
OpenCA::Token::OpenSSL->Last check was performed less
than 60 seconds ago. Returning cached result.
OpenCA::Token::OpenSSL->Checking nCipher
infrastructure
OpenCA::Token::OpenSSL->exec: "/opt/nfast/bin/enquiry"
OpenCA::Token::OpenSSL->nCipher hardserver information
OpenCA::Token::OpenSSL-> 'server' (version: 2.15.15)
is operational
OpenCA::Token::OpenSSL-> 'module1' (version: 2.12.6)
is operational
OpenCA::Token::OpenSSL->nCipher key online check
OpenCA::Token::OpenSSL->exec: /opt/nfast/with-nfast -M
/opt/nfast/bin/nfkminfo
OpenCA::Token::OpenSSL->nCipher security world
information
OpenCA::Token::OpenSSL-> state:0x172f0000 Initialised
Usable Recovery !PINRecovery ExistingClient RTC NVRAM
FTO SEEDebug
OpenCA::Token::OpenSSL->Preloaded objects:
OpenCA::Token::OpenSSL->
b1021993a036dbfeb0faae35ee6d95d24794e8dc
OpenCA::Token::OpenSSL->
8c57d52d734a58daec0912e1ab9c128669223449
OpenCA::Token::OpenSSL->Getting object hash for key
rsa-rootkey
OpenCA::Token::OpenSSL->exec:
"/opt/nfast/bin/nfkmverify" hwcrhk "rsa-rootkey"
OpenCA::Token::OpenSSL->nCipher nfkmverify did not
terminate within timeout and was interrupted
administratively
OpenCA::Token::OpenSSL->Verify if key ocs object hash
is preloaded
OpenCA::Token::OpenSSL->Object is not preloaded, key
is not usable
and the error message in var/log/stderr.log is:
Loading tokens and/or keys on Module#1, ESN
B209-0B75-B420
0 cardset(s) and 0 key(s) loaded, in total across all
module(s).
Executing /opt/nfast/bin/nfkminfo ...
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153059
PKI Master Alert: Message: External program call timed
out
PKI Master Alert: debugging messages of empty token
follow
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153050
PKI Master Alert: Message: Required object is not
preloaded, key is not usable
PKI Master Alert: debugging messages of empty token
follow
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7154001
PKI Master Alert: Message: Key generation not
supported.
PKI Master Alert: debugging messages of empty token
follow
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
but if I try to generate a request instead of creating
first a private key, the error message in OpenCA's
Interface is:
OpenCA::Token::OpenSSL->Verify if key ocs object hash
is preloaded
OpenCA::Token::OpenSSL->Object is not preloaded, key
is not usable
OpenCA::Token::OpenSSL->nCipher HSM online check
OpenCA::Token::OpenSSL->Last check was performed less
than 60 seconds ago. Returning cached result.
OpenCA::Token::OpenSSL->Checking nCipher
infrastructure
OpenCA::Token::OpenSSL->exec: "/opt/nfast/bin/enquiry"
OpenCA::Token::OpenSSL->nCipher hardserver information
OpenCA::Token::OpenSSL-> 'server' (version: 2.15.15)
is operational
OpenCA::Token::OpenSSL-> 'module1' (version: 2.12.6)
is operational
OpenCA::Token::OpenSSL->nCipher key online check
OpenCA::Token::OpenSSL->exec: /opt/nfast/with-nfast -M
/opt/nfast/bin/nfkminfo
OpenCA::Token::OpenSSL->nCipher security world
information
OpenCA::Token::OpenSSL-> state:0x172f0000 Initialised
Usable Recovery !PINRecovery ExistingClient RTC NVRAM
FTO SEEDebug
OpenCA::Token::OpenSSL->Preloaded objects:
OpenCA::Token::OpenSSL->
b1021993a036dbfeb0faae35ee6d95d24794e8dc
OpenCA::Token::OpenSSL->
8c57d52d734a58daec0912e1ab9c128669223449
OpenCA::Token::OpenSSL->Getting object hash for key
rsa-rootkey
OpenCA::Token::OpenSSL->exec:
"/opt/nfast/bin/nfkmverify" hwcrhk "rsa-rootkey"
OpenCA::Token::OpenSSL->nCipher nfkmverify did not
terminate within timeout and was interrupted
administratively
OpenCA::Token::OpenSSL->Verify if key ocs object hash
is preloaded
OpenCA::Token::OpenSSL->Object is not preloaded, key
is not usable
Error 700
Error General Iniciando el testigo
de la AC ... FALL�
Mensaje de error del testigo:
and the var/log/stderr.log has this info:
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::Crypto->addToken: argument: name: DER_CERT
OpenCA::Crypto->addToken: argument: name: CONFIG
OpenCA::Crypto->addToken: argument: name: TOKEN_MODE
OpenCA::Crypto->addToken: argument: name: PEM_CERT
OpenCA::Crypto->addToken: argument: name: GETTEXT
OpenCA::Crypto->addToken: argument: name: PASSWD_PARTS
OpenCA::Crypto->addToken: argument: name: KEY
OpenCA::Crypto->addToken: argument: name: DEBUG
OpenCA::Crypto->addToken: argument: name: OPENCA_SV
OpenCA::Crypto->addToken: argument: name: NFAST_HOME
OpenCA::Crypto->addToken: argument: name: RANDFILE
OpenCA::Crypto->addToken: argument: name: TXT_CERT
OpenCA::Crypto->addToken: argument: name: OPENCA_TOKEN
OpenCA::Crypto->addToken: argument: name: CHAIN
OpenCA::Crypto->addToken: argument: name: SHELL
OpenCA::Crypto->addToken: argument: name: TMPDIR
OpenCA::Crypto->addToken: argument: name:
OPENCA_CRYPTO
OpenCA::Crypto->addToken: argument: name: WRAPPER
OpenCA::Crypto->addToken: fixed multivalued options
OpenCA::Crypto->addToken: try to setup nCipher token
OpenCA::Crypto->newToken: entering function
OpenCA::Crypto->newToken: argument: DER_CERT
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/crypto/cacerts/cacert.der
OpenCA::Crypto->newToken: argument: CONFIG
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/etc/openssl/openssl.cnf
OpenCA::Crypto->newToken: argument: TOKEN_MODE
OpenCA::Crypto->newToken: argument: standby
OpenCA::Crypto->newToken: argument: PEM_CERT
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/crypto/cacerts/cacert.pem
OpenCA::Crypto->newToken: argument: GETTEXT
OpenCA::Crypto->newToken: argument: CODE(0x90d9178)
OpenCA::Crypto->newToken: argument: PASSWD_PARTS
OpenCA::Crypto->newToken: argument: 1
OpenCA::Crypto->newToken: argument: KEY
OpenCA::Crypto->newToken: argument: rsa-rootkey
OpenCA::Crypto->newToken: argument: DEBUG
OpenCA::Crypto->newToken: argument: ARRAY(0x9dcfdbc)
OpenCA::Crypto->newToken: argument: OPENCA_SV
OpenCA::Crypto->newToken: argument:
/usr/local/bin/openca-sv
OpenCA::Crypto->newToken: argument: NFAST_HOME
OpenCA::Crypto->newToken: argument: /opt/nfast
OpenCA::Crypto->newToken: argument: RANDFILE
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/crypto/.rand
OpenCA::Crypto->newToken: argument: TXT_CERT
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/crypto/cacerts/cacert.txt
OpenCA::Crypto->newToken: argument: OPENCA_TOKEN
OpenCA::Crypto->newToken: argument: CA
OpenCA::Crypto->newToken: argument: CHAIN
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/crypto/chain
OpenCA::Crypto->newToken: argument: SHELL
OpenCA::Crypto->newToken: argument: /usr/bin/openssl
OpenCA::Crypto->newToken: argument: TMPDIR
OpenCA::Crypto->newToken: argument:
/usr/local/OpenCA/var/tmp
OpenCA::Crypto->newToken: argument: OPENCA_CRYPTO
OpenCA::Crypto->newToken: argument:
OpenCA::Crypto=HASH(0x8d78710)
OpenCA::Crypto->newToken: argument: WRAPPER
OpenCA::Crypto->newToken: argument:
/opt/nfast/with-nfast -M
OpenCA::Crypto->newToken: class:
OpenCA::Token::nCipher
OpenCA::OpenSSL->setParams: key: DER_CERT
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/cacerts/cacert.der
OpenCA::OpenSSL->setParams: key: ENGINE
OpenCA::OpenSSL->setParams: value: chil
OpenCA::OpenSSL->setParams: key: CONFIG
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/etc/openssl/openssl.cnf
OpenCA::OpenSSL->setParams: key: TOKEN_MODE
OpenCA::OpenSSL->setParams: value: standby
OpenCA::OpenSSL->setParams: key: PEM_CERT
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/cacerts/cacert.pem
OpenCA::OpenSSL->setParams: key: GETTEXT
OpenCA::OpenSSL->setParams: value: CODE(0x90d9178)
OpenCA::OpenSSL->setParams: key: PASSWD_PARTS
OpenCA::OpenSSL->setParams: value: 1
OpenCA::OpenSSL->setParams: key: KEY
OpenCA::OpenSSL->setParams: value: rsa-rootkey
OpenCA::OpenSSL->setParams: key: DEBUG
OpenCA::OpenSSL->setParams: value: ARRAY(0x9dcfdbc)
OpenCA::OpenSSL->setParams: key: OPENCA_SV
OpenCA::OpenSSL->setParams: value:
/usr/local/bin/openca-sv
OpenCA::OpenSSL->setParams: key: NFAST_HOME
OpenCA::OpenSSL->setParams: value: /opt/nfast
OpenCA::OpenSSL->setParams: key: RANDFILE
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/.rand
OpenCA::OpenSSL->setParams: key: TXT_CERT
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/cacerts/cacert.txt
OpenCA::OpenSSL->setParams: key: OPENCA_TOKEN
OpenCA::OpenSSL->setParams: value: CA
OpenCA::OpenSSL->setParams: key: CHAIN
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/chain
OpenCA::OpenSSL->setParams: key: SHELL
OpenCA::OpenSSL->setParams: value: /usr/bin/openssl
OpenCA::OpenSSL->setParams: key: TMPDIR
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/tmp
OpenCA::OpenSSL->setParams: key: OPENCA_CRYPTO
OpenCA::OpenSSL->setParams: value:
OpenCA::Crypto=HASH(0x8d78710)
OpenCA::OpenSSL->setParams: key: WRAPPER
OpenCA::OpenSSL->setParams: value:
/opt/nfast/with-nfast -M
OpenCA::OpenSSL->setParams: key: CERT
OpenCA::OpenSSL->setParams: value:
/usr/local/OpenCA/var/crypto/cacerts/cacert.pem
OpenCA::OpenSSL->setError: errno: 0
OpenCA::OpenSSL->setError: errval:
OpenCA::Token::OpenSSL-> KEY: rsa-rootkey<br>
OpenCA::Token::OpenSSL-> NFAST_HOME: /opt/nfast<br>
OpenCA::Token::OpenSSL-> WRAPPER:
/opt/nfast/with-nfast -M<br>
OpenCA::Crypto->newToken: no error during new
OpenCA::Crypto->newToken: new token present
OpenCA::Crypto->addToken: token CA successfully added
OpenCA::Crypto->getToken: token added
OpenCA::Crypto->getToken: token is present
OpenCA::Token::OpenSSL->nCipher HSM online check<br>
OpenCA::Token::OpenSSL->Checking nCipher
infrastructure<br>
OpenCA::Token::OpenSSL->exec:
"/opt/nfast/bin/enquiry"<br>
OpenCA::Token::OpenSSL->nCipher hardserver
information<br>
OpenCA::Token::OpenSSL-> 'server' (version: 2.15.15)
is operational<br>
OpenCA::Token::OpenSSL-> 'module1' (version: 2.12.6)
is operational<br>
OpenCA::Crypto->getToken: token is usable
OpenCA::Token::OpenSSL->nCipher key online check<br>
OpenCA::Token::OpenSSL->exec: /opt/nfast/with-nfast -M
/opt/nfast/bin/nfkminfo<br>
Loading tokens and/or keys on Module#1, ESN
B209-0B75-B420
0 cardset(s) and 0 key(s) loaded, in total across all
module(s).
Executing /opt/nfast/bin/nfkminfo ...
OpenCA::Token::OpenSSL->nCipher security world
information<br>
OpenCA::Token::OpenSSL-> state:0x172f0000 Initialised
Usable Recovery !PINRecovery ExistingClient RTC NVRAM
FTO SEEDebug<br>
OpenCA::Token::OpenSSL->Preloaded objects:<br>
OpenCA::Token::OpenSSL->
b1021993a036dbfeb0faae35ee6d95d24794e8dc<br>
OpenCA::Token::OpenSSL->
8c57d52d734a58daec0912e1ab9c128669223449<br>
OpenCA::Token::OpenSSL->Getting object hash for key
rsa-rootkey<br>
OpenCA::Token::OpenSSL->exec:
"/opt/nfast/bin/nfkmverify" hwcrhk "rsa-rootkey"<br>
OpenCA::Token::OpenSSL->nCipher nfkmverify did not
terminate within timeout and was interrupted
administratively<br>
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153059
PKI Master Alert: Message: External program call timed
out
PKI Master Alert: debugging messages of empty token
follow
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153050
PKI Master Alert: Message: Required object is not
preloaded, key is not usable
PKI Master Alert: debugging messages of empty token
follow
Loading tokens and/or keys on Module#1, ESN
B209-0B75-B420
0 cardset(s) and 0 key(s) loaded, in total across all
module(s).
Executing /opt/nfast/bin/nfkminfo ...
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153059
PKI Master Alert: Message: External program call timed
out
PKI Master Alert: debugging messages of empty token
follow
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153050
PKI Master Alert: Message: Required object is not
preloaded, key is not usable
PKI Master Alert: debugging messages of empty token
follow
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
What do you think?
What should I to generate the required keys for
OpenCA?
Thanks,
Johnny
______________________________________________
Renovamos el Correo Yahoo!: �250 MB GRATIS!
Nuevos servicios, m�s seguridad
http://correo.yahoo.es
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
