Hello Martin, Regarding the problem I told you before, high times issuing certificates with the nCipher and problem issuing certificates with bp) we made some small modifications in nCiper configs to be able to get more accurate logs regarding mainly the calling of the openssl command. The changes consist in the creation of these environment variables:
NFAST_HWCRHK_LOGFILE=/opt/nfast/log/hwcrhk.log
NFAST_DEBUG=7
NFAST_DEBUGFILE=/opt/nfast/log/debug.log
When these variables I'm getting this errors:
*(Line 441)*
NFastApp_Connect failed: Permission denied
OpenCA::Token::OpenSSL->nCipher enquiry: hardserver is
not running
(error code 256)<br>
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153051
PKI Master Alert: Message: nCipher hardserver process
is not running
PKI Master Alert: debugging messages of empty token
follow
NFastApp_Connect failed: Permission denied
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153051
PKI Master Alert: Message: nCipher hardserver process
is not running
PKI Master Alert: debugging messages of empty token
follow
OpenCA::Crypto->setError: errno: 7121040
OpenCA::Crypto->setError: errval: The token is not
usable.
*(Line 880)*
NFastApp_Connect failed: Permission denied
OpenCA::Token::OpenSSL->nCipher enquiry: hardserver is
not running
(error code 256)<br>
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153051
PKI Master Alert: Message: nCipher hardserver process
is not running
PKI Master Alert: debugging messages of empty token
follow
NFastApp_Connect failed: Permission denied
PKI Master Alert: OpenCA::Token::nCipher error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 7153051
PKI Master Alert: Message: nCipher hardserver process
is not running
PKI Master Alert: debugging messages of empty token
follow
OpenCA::Crypto->setError: errno: 7121040
OpenCA::Crypto->setError: errval: The token is not
usable.
If I take out the NFAST_DEBUGFILE variable I get these
messges:
(**process 1 **Linea 7372 a 12162 - **process 2
**18147 -19365)*
OpenCA::Token::OpenSSL->Key information summary<br>
OpenCA::Token::OpenSSL->Key rsa-rootkey:<br>
OpenCA::Token::OpenSSL-> Type: RSAPrivate (2048
bit)<br>
OpenCA::Token::OpenSSL-> OCS name: RootCA<br>
OpenCA::Token::OpenSSL-> OCS hash:
6d5bce32327db1c63805557d4f15ed0c9aa7b521<br>
OpenCA::Token::OpenSSL-> OCS type: ephemeral<br>
OpenCA::Token::OpenSSL-> OCS quorum: 2/6<br>
OpenCA::Token::OpenSSL-> OCS timeout: 0<br>
OpenCA::Token::OpenSSL->Verify if key ocs object hash
6d5bce32327db1c63805557d4f15ed0c9aa7b521 is
preloaded<br>
OpenCA::Token::OpenSSL->Key seems to be usable<br>
...
Loading tokens and/or keys on Module#1, ESN
B209-0B75-B420
NFast_Disconnect app=0x80d9b10; conn=0x80d9d00;
time=1119974052
0 cardset(s) and 0 key(s) loaded, in total across all
module(s).
Executing /usr/bin/openssl ...
can't use that engine
3070:error:81067072:hwcrhk engine:HWCRHK_INIT:dynamic
locking
missing:hw_ncipher.c:584:You HAVE to add dynamic
locking callbacks via
CRYPTO_set_dynlock_{create,lock,destroy}_callback()
3070:error:81067071:hwcrhk engine:HWCRHK_INIT:unit
failure:hw_ncipher.c:602:
3070:error:260B806D:engine
routines:ENGINE_TABLE_REGISTER:init
failed:eng_table.c:182:
Using configuration from
/usr/local/ca/OpenCA/etc/openssl/openssl/User.conf
no engine specified
unable to load CA private key
error in ca
*(**proceso 1** Linea 18147 -19365 + addtional error
19358 for the same process)*
can't use that engine
3166:error:81067072:hwcrhk engine:HWCRHK_INIT:dynamic
locking
missing:hw_ncipher.c:584:You HAVE to add dynamic
locking callbacks via
CRYPTO_set_dynlock_{create,lock,destroy}_callback()
3166:error:81067071:hwcrhk engine:HWCRHK_INIT:unit
failure:hw_ncipher.c:602:
3166:error:260B806D:engine
routines:ENGINE_TABLE_REGISTER:init
failed:eng_table.c:182:
Using configuration from
/usr/local/ca/OpenCA/etc/openssl/openssl/User.conf
no engine specified
unable to load CA private key
error in ca
I'm attaching nCipher log file.
Do you know what could be going on here?
thanks a lot,
Johnny
PS: to make the message shorter I'm attaching the url
of your last response to this thread :-)
--- Martin Bartosch <[EMAIL PROTECTED]> escribió:
http://www.mail-archive.com/[email protected]/msg07306.html
______________________________________________
Renovamos el Correo Yahoo!
Nuevos servicios, más seguridad
http://correo.yahoo.es
log.tar.gz
Description: 4201255481-log.tar.gz
