Menu
▾
▴
Re: [Ejbca-develop] EJBCA - Create AC with a k/n quorum with k=2 and n=3
|
From: Tomas G. <to...@pr...> - 2013-06-06 08:46:55
|
You can read examples in the EJBCA documentation at http://www.ejbca.org/adminguide.html#nCipher%20nShield/netHSM. You must start JBoss also with preload, otherwise JBoss will not be able to access the keys you have created, hence you get a "LoginException". Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 06/06/2013 10:37 AM, Daniel JAMET wrote: > Hi, > > Thanks for your response. > > This morning I: > > 1) Create cardset Racine with the command: */opt/nfast/bin/createocs > --module=1 --ocs-quorum 2/3 --name=Racine --name-cards --persist > --timeout=0* > > 2) Create keys with the commands: > * a) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so defaultRoot i1* > * b) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so cryptRoot i1* > * c) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so testRoot i1* > > 3) preload keys : */opt/nfast/bin/preload -c Racine pause* > > 4) Start Jboss with: *sudo /etc/init.d/jboss start* > > 5) Try to create AC 'AC_Racine' with *preload -c Racine > /opt/ejbca/bin/ejbca.sh ca init AC_Racine 'O=SER2S, OU=DPM, C=FR, > CN=AC_Racine' \* > * 'org.ejbca.core.model.ca.catoken.PKCS11CAToken' prompt > 4096 RSA 10000 '1.2.250.1.79.12' \* > * SHA1WithRSA /opt/ejbca/conf/catoken-Racine.properties* > > 6) And i obtain the log ejbca.log int attachment. > > What do you think ? An explanation ? > > Best regards > > Daniel JAMET |
