Dear All,
I need to use LunaSA (LunaCA3) for OpenCA. I already use LunaSA's openssl
patch (the engine, LunaCA3). I am able to use openssl to create a private key
and a CSR.
I want to know how to configure OpenCA to work with an HSM (LunaSA).
Can someone give me some instructions/direction? Thanks in advance.

$ /usr/local/ssl/bin/openssl
OpenSSL> engine LunaCA3 -post login:1:10:11:XXXXXXXXXXXXXXX
(LunaCA3) Chrysalis-ITS Luna CA3 hardware engine support
OpenSSL> rsa -engine LunaCA3 -in /root/s-m01.key -text -noout
engine "LunaCA3" set.
Private-Key: (4096 bit)
modulus:
publicExponent: 3 (0x3)
privateExponent: 1 (0x1)
prime1: 224 (0xe0)
prime2: 223 (0xdf)
exponent1: 1 (0x1)
exponent2: 1 (0x1)
coefficient: 1 (0x1)
OpenSSL> req -engine LunaCA3 -new -key /root/s-m01.key -out /root/s-m01.csr -days 720
engine "LunaCA3" set.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Virginia
Locality Name (eg, city) []:Dulles
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XYZ
Organizational Unit Name (eg, section) []:ITSec
Common Name (eg, YOUR name) []:abc.xyz.xom
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
OpenSSL> engine LunaCA3 -post logout:1:10:11
(LunaCA3) Chrysalis-ITS Luna CA3 hardware engine support
OpenSSL> exit
$ /usr/local/ssl/bin/openssl req -engine LunaCA3 -in /root/s-m01.csr -text -noout
engine "LunaCA3" set.
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=Virginia, L=Dulles, O=AOL LLC, OU=ITSec, CN=abc.xyz.xom
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
Modulus (4096 bit):
00:ba:80:80:a1:3f:c9:dc:3d:d1:83:6f:a5:55:31:
.
.
.
b2:5d:5d:df:fb:87:90:9b:ed:03:2c:53:29:4e:cb:b7:01:7d:
48:3d:2f:6e:6c:68:fe:0e:60:14:12:af:45:b1:68:4f:e2:65:
7c:6d:2f:f1:32:08:40:f2
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users