From: EJBCA S. <ejb...@pr...> - 2008-10-30 10:05:13
Hi Leonardo

I'm assuming you are using the Java Web Start deployment of Tolima. The htmf log files are stored in <USER_HOME>/.hardtokenmgmt<n>_<n>.log. Can you send it to me?

Which tokens are you using and which pkcs11 driver?

// Regards Philip

Leonardo L. P. da Mata wrote:
> Hey, I've advanced a lot in the ejbca installation and its
> integration with htmf, but I still can't use htmf correctly. I'm sending
> this message here because the htmf list has no discussion at all.
>
> So, I'm using Java 6 and Internet Explorer to access Tolima. I've
> generated an administrator card, and it seems to work (I can use this
> card with other applications to sign).
>
> After the administrator authenticates in the htmf, the ejbca sends a message:
> 19:09:11,390 INFO [Log4jLogDevice] 29 de Outubro de 2008 19h9min11s
> BRST, CAId : -1688117755, AUTHORIZATION,
> EVENT_INFO_AUTHORIZEDTORESOURCE, Administrator : CLIENTCERT,
> Certificate SNR : 3964574de5f7dca8, CN=AdminCA1,O=EJBCA Sample,C=SE,
> User : No user involved, Certificate : No certificate involved,
> Comment : Resource :
>
> and the htmf hangs with no answer and no debug information.
>
> Anyone have any idea why this isn't working?
>
> BTW, the ant deploy of htmf doesn't substitute all variables correctly,
> the $*.hostname variables are being deployed without being
> substituted. Maybe this is a bug of htmf (TOLIMA)
>
> Thanks.
>
> On Tue, Oct 21, 2008 at 5:34 AM, Tomas Gustavsson <to...@pr...> wrote:
>
>> Thanks, added it to docs for next release.
>>
>> Cheers,
>> Tomas
>>
>> Leonardo L. P. da Mata wrote:
>>
>>> So, after some time trying to find the problem, I think I could get it solved.
>>> The environment variable JDK_HOME must be set correctly for this to work.
>>> This is a problem with ncipher software that is not well documented,
>>> but I think it is important to put a note in the User's Guide.
>>>
>>> Command used:
>>> C:\Documents and Settings\barroca\Desktop\server_keys>c:\nfast\bin\generatekey.exe --import -c mscapi jcecsp pemreadfile=unprotected.pem keystore=temp.keystore type=RSA alias=imported1
>>> Result:
>>> recovery: Key recovery? (yes/no) [yes] >
>>> keystorepass: JCE key store password? (hidden)
>>> x509country: Country code? [] >
>>> x509province: State or province? [] >
>>> x509locality: City or locality? [] >
>>> x509org: Organisation? [] >
>>> x509orgunit: Organisation unit? [] >
>>> x509dnscommon: Domain name? [] >
>>> x509email: Email address? [] >
>>> nvram: Store blob in NVRAM (will require administrator cardset)? (yes/no) [no]
>>> key generation parameters:
>>>  operation     Operation to perform          import
>>>  application   Application                   jcecsp
>>>  protect       Protected by                  token
>>>  slot          Slot to read cards from       0
>>>  recovery      Key recovery                  yes
>>>  verify        Verify security of key        yes
>>>  type          Key type                      RSA
>>>  pemreadfile   PEM file containing RSA key   unprotected.pem
>>>  keystore      Filename of JCE key store     temp.keystore
>>>  keystorepass  JCE key store password        <hidden>
>>>  alias         JCE key alias                 imported1
>>>  x509country   Country code
>>>  x509province  State or province
>>>  x509locality  City or locality
>>>  x509org       Organisation
>>>  x509orgunit   Organisation unit
>>>  x509dnscommon Domain name
>>>  x509email     Email address
>>>  nvram         Store blob in NVRAM (will require administrator cardset) no
>>>
>>> Loading `mscapi':
>>>  Module 1: 0 cards of 1 read
>>>  Module 1 slot 0: `mscapi' #1 (`oper')
>>>  Module 1 slot 0:- passphrase supplied - reading card
>>> Card reading complete.
>>>
>>> Subprocess failed
>>> Arguments: {C:/Arquivos de programas/Java/jdk1.6.0_07/bin/java.exe} com.ncipher.provider.tools.ImportKey --keystore temp.keystore --alias imported1 --ident d34d2ec33c1b108ceb2d890094736947514ab4ca --type com.ncipher.provider.km.KMRSAPrivateKey --certificate C:/nfast/kmdata/tmp/436_basilisco.cert << {123456
>>> }
>>> Errors:
>>> FATAL: error creating temp.keystore
>>>
>>> ERROR: Tcl_Eval of 'store' failed: child process exited abnormally
>>> 17:11:36 ERROR: cannot remove kmdata file (C:\nfast\kmdata\local\key_jceshim_d34d2ec33c1b108ceb2d890094736947514ab4ca): No such file or directory
>>> nfgk_operate: SoftwareFailed
>>>
>>> I still need to test if the key is working correctly, but when I list
>>> keys with nfkminfo, I can see the new imported keys.
>>>
>>> Thanks.
>>>
>>> On Mon, Oct 20, 2008 at 12:27 PM, Leonardo L. P. da Mata
>>> <ba...@gm...> wrote:
>>>
>>>> Hey Bruno, the Security World is ok. I've checked the file
>>>> permissions, and apparently this is not an issue, because I'm getting
>>>> the same problem using the system administrator.
>>>>
>>>> I'm following the steps of ejbca user's guide. When importing a file,
>>>> I can't access the keystore of the HSM:
>>>>
>>>> keystore: Filename of JCE key store? []
>>>>
>>>>> temp.keystore
>>>>>
>>>> ERROR: keystore: key store key is missing
>>>> keystore: Filename of JCE key store? []
>>>>
>>>>> 59b8a83024f6d271ac8ec03838d8e3de7c204785
>>>>>
>>>> ERROR: keystore: cannot open file
>>>> keystore: Filename of JCE key store? []
>>>>
>>>>> c:\nfast\kmdata\local\key_jcecsp_59b8a83024f6d271ac8ec03838d8e3de7c204785
>>>>>
>>>> ERROR: keystore: invalid keystore
>>>> ERROR: keystore: key store key is missing
>>>> keystore: Filename of JCE key store? []
>>>> ERROR: keystore: invalid filename
>>>> keystore: Filename of JCE key store? []
>>>>
>>>>> c:\nfast\kmdata\local\
>>>>>
>>>> ERROR: keystore: cannot open file
>>>> keystore: Filename of JCE key store? []
>>>>
>>>> temp.keystore contains "59b8a83024f6d271ac8ec03838d8e3de7c204785" as
>>>> mentioned in the user guide:
>>>> "Windows: 'copy con: temp.keystore' and copypaste the string, press
>>>> Ctrl-Z and Enter"
>>>>
>>>> Thanks again.
>>>>
>>>> On Mon, Oct 20, 2008 at 10:22 AM, Bruno Bonfils <as...@as...> wrote:
>>>>
>>>>> On Mon 20 October, Leonardo L. P. da Mata wrote:
>>>>>
>>>>>> I've read the HSM manual and checked that my Security world is a fips level 2.
>>>>>> The NFAST_HOME is ok. I think this is a security issue. I'm gonna try
>>>>>> with the system administrator.
>>>>>>
>>>>> Hi,
>>>>>
>>>>> in order to create some key protected by the HSM, you need to create a
>>>>> Security World, and OCS (Operator Card Set). This procedure is well
>>>>> documented in the HSM documentations. However I may help if you have trouble
>>>>> (ps: I work at Linagora and I used to work with EJBCA and nCipher).
>>>>>
>>>>> If you really already have a security world, check the file permissions,
>>>>> I don't know how is going on windows, but on unix environment,
>>>>> nCipher's default permissions only allow root to read/write the security
>>>>> world's files.
>>>>>
>>>>> Best regards
>>>>>
>>>>> --
>>>>> http://asyd.net/home/ - Home Page
>>>>> http://guses.org/home/ - French Speaking (Open)Solaris User Group
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>> _______________________________________________
>>>>> Ejbca-develop mailing list
>>>>> Ejb...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>
>>>> --
>>>> Leonardo Luiz Padovani da Mata
>>>> ba...@gm...
>>>>
>>>> "May the force be with you, always"
>>>> "Nerd Pride... I have it. Do you?"