Re: [Openca-Users] Problem between my HSM (nCipher) and the BP

[Martin Bartosch]

Hi,

> I have some problems working my HSM and OpenCA, the
> two main facts are:
>
> - The issuance time is very high
> - Doesn't work appropiately with BP

first of all, Johnny uses the nCipher driver from 0.9.2 HEAD which
addresses high latency times when performing private key operations
via status caching. In my environment the nCipher driver works fine
with manual issuance (which takes about 1 - 2 seconds from click to
display of the final cert).
So I think the nCipher driver should be OK.

> Some tests I have done for BP are:
>
> 1. With a total of  100 requests with the same role
> it signed 38, but none of them was stored in the DB.
> So they remain as "NEW".
>
>
> 2. For a test with 10 requests, we can see this:
>
>  1. the 10 requests were signed and stored in the DB
>     successfully
>  2. the total time was  5 minutes 25 seconds. (too
> high I guess)
>
> Does anyone know how can I configure my BP to work
> efficiently with my HSM?

As Oliver suggested, review your token configuration. My advice is
to get batch processing to work with software tokens only first.
Then try to modify the token configuration to use the nCipher module
as the CA token.

If time permits I'll be performing some tests on the BP with nCipher
HSM myself.

Martin



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users