Re: [Openca-Users] Error in Phase 1 (Generate new CA secret key) with nCipher

Tue, 18 Jan 2005 10:37:53 -0800 

Hi Johnny,

>       can't use that engine
>       2726:error:25066067:DSO support
> routines:DLFCN_LOAD:could not load the shared
> library:dso_dlfcn.c:149:filename(libnfhwcrhk.so):
> libnfhwcrhk.so: cannot open shared object file: No
> such file or directory
>       2726:error:25070067:DSO support
> routines:DSO_load:could not load the shared
> library:dso_lib.c:244:
>       2726:error:81067068:hwcrhk
> engine:HWCRHK_INIT:dso failure:hw_ncipher.c:529:
>       2726:error:260B806D:engine
> routines:ENGINE_TABLE_REGISTER:init
> failed:eng_table.c:182:
>       no engine specified
>       unable to load Private Key
>       error in req
>
> I looked for the file in my system and I found it
>
> ./opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so
>
> It has this permissions: rxwrxwrxw, I also changed
> owner to the apache user, but the error message is the
> same.

First of all give the poor file its proper permissions and
ownership back:

chown root:root /opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so
chmod 644 /opt/nfast/toolkits/hwcrhk/libnfhwcrhk.so

(You are running a *CA*, not a public hosting service, aren't
you? :-) )

In the error log openssl complains that it cannot open
(read: locate) the shared library. So you will have most chances
for success if you tell openssl where to search.

You have two options:

- set the environment variable LD_LIBRARY_PATH for the Apache CGI
  environment. You will need the mod_env module and the setting
  SetEnv LD_LIBRARY_PATH "/opt/nfast/toolkits/hwcrhk/"
  in your apache config.
- a much better way is to tell the *system* where the lib can
  be located, or make the library available in a system wide
  known directory. This can be achieved by
  - adding the line /opt/nfast/toolkits/hwcrhk/ to the file /etc/ld.so.conf
    and running the 'ldconfig' command OR
  - symlinking the library to a directory where it can be found, like:
    cd /usr/local/lib && ln -s /opt/nfast/toolkits/hwcrhk/*.so .

Choose your preferred way, I'd suggest changing the ld.so.conf file.

Martin



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to