From: Luc P. <luc...@gm...> - 2013-10-21 17:34:19
Hello,
I use these parameters:
sharedLibrary=/usr/local/lib/mysharedlibrary.so
slot=0
certSignKey=certsignkey
crlSignKey=crlsignkey
defaultKey=defaultsignkey
pin=XXXX
Thanks for your help.
2013/10/21 Tomas Gustavsson <to...@pr...>
> What CA token parameters do you have? Usually there will be more logging,
> enable debug, that will show you what is going on.
>
>
>
> Luc Pallavidino <luc...@gm...> wrote:
>>
>> Hello,
>>
>> I want to use an HSM to create a CA. When I create it with the admin-GUI
>> I have this error:
>>
>> "CA token is off-line, Please activate the token before continuing"
>>
>> But when I use the CLI to generate a new key, it works fine:
>>
>> ./ejbcaClientToolBox.sh PKCS11HSMKeyTool generate
>> /usr/local/lib/libhsm.so 2048 defaultkey 0
>>
>> I don't understand why I can't create a new CA with the HSM. Can you help
>> me, please?
>>
>> This is my log:
>>
>> [#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
>> [httpSSLWorkerThread-8443-1] DEBUG org.ejbca.util.keystore.KeyTools -
>> {SLOT_ID=0, PKCS11_NATIVE_MODULE=/usr/local/lib/libcryptosec.so}
>> |#]
>>
>> [#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
>> [httpSSLWorkerThread-8443-1] INFO org.ejbca.util.keystore.KeyTools - Using
>> SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
>> |#]
>>
>> [#|2013-10-19T19:31:52.906+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.906
>> [httpSSLWorkerThread-8443-1] ERROR org.ejbca.util.keystore.KeyTools - Error
>> constructing pkcs11 provider: null
>> |#]
>>
>> [#|2013-10-19T19:31:52.908+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.908
>> [httpSSLWorkerThread-8443-1] ERROR o.e.c.m.c.c.CATokenContainerImpl - Error
>> contructing CA Token (setting to null):
>> org.ejbca.core.model.ca.catoken.CATokenOfflineException: Erreur pendant
>> la cr?ation d'un token d'AC.
>> at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:192)
>> ~[ejbca-util.jar:na]
>> at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:146)
>> ~[ejbca-util.jar:na]
>> at
>> org.ejbca.core.model.ca.catoken.PKCS11CAToken.init(PKCS11CAToken.java:132)
>> ~[ejbca-util.jar:na]
>> at
>> org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:987)
>> [ejbca-util.jar:na]
>> at
>> org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:300)
>> [ejbca-util.jar:na]
>> at
>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)
>> [ejbca-ejb_jar/:na]
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[na:1.6.0_26]
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> ~[na:1.6.0_26]
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> ~[na:1.6.0_26]
>> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_26]
>> at
>> com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1011)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:175)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2929)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4020)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:197)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:83)
>> [appserv-rt.jar:9.1]
>> at $Proxy63.createCA(Unknown Source) [na:na]
>> at
>> org.ejbca.ui.web.admin.cainterface.CADataHandler.createCA(CADataHandler.java:119)
>> [classes/:na]
>> at org.apache.jsp.ca.editcas.editcas_jsp._jspService(editcas_jsp.java
>> from :871) [na:na]
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
>> [appserv-rt.jar:9.1]
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
>> [javaee.jar:9.1]
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
>> [appserv-rt.jar:9.1]
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
>> [appserv-rt.jar:9.1]
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
>> [javaee.jar:9.1]
>> at
>> org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>> [appserv-rt.jar:9.1]
>> at
>> org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:103)
>> [classes/:na]
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>> [appserv-rt.jar:9.1]
>> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
>> [appserv-rt.jar:9.1]
>> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
>> [appserv-rt.jar:9.1]
>> at
>> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:444)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:230)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
>> [appserv-rt.jar:9.1]
>> at
>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>> [appserv-rt.jar:9.1]
>> |#]
>>
>>
>> --
>>
>> Pallavidino Luc Tel.: +33-6-8070-3133
>> Mail: luc...@gm... <pal...@ho...>
>> Electronic payment and systems security engineer
>>
>>
> --
> PrimeKey Solutions AB
> Internet: www.primekey.se
> Twitter: twitter.com/primekeyPKI
> Mob: +46 (0)707421096
>
--
Pallavidino Luc Tel.: +33-6-8070-3133
Mail: luc...@gm... <pal...@ho...>
Electronic payment and systems security engineer
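
Added example, not part of the original thread and not EJBCA code: a small triage script for the log format quoted above. Every GlassFish record in the thread is tagged `INFO` because it comes from stdout, so the script recovers the log4j level from the message body and then compares the PKCS#11 parameters that KeyTools logged with the posted token properties. The function names and the pairing of `sharedLibrary`/`slot` with `PKCS11_NATIVE_MODULE`/`SLOT_ID` are assumptions; the sample records are constructed from the quoted log with the timestamp simplified.

```python
import re

# Constructed sample: two records re-joined from the log quoted in the thread.
_HDR = ("[#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|"
        "javax.enterprise.system.stream.out|_ThreadID=38;"
        "_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905 "
        "[httpSSLWorkerThread-8443-1] ")
SAMPLE_LOG = (
    _HDR + "DEBUG org.ejbca.util.keystore.KeyTools - {SLOT_ID=0, "
    "PKCS11_NATIVE_MODULE=/usr/local/lib/libcryptosec.so}\n|#]\n\n"
    + _HDR + "ERROR org.ejbca.util.keystore.KeyTools - Error "
    "constructing pkcs11 provider: null\n|#]\n")
# Token properties as posted in the thread (PIN and key aliases left out).
SAMPLE_PROPS = "sharedLibrary=/usr/local/lib/mysharedlibrary.so\nslot=0\n"

RECORD = re.compile(r"\[#\|([^|]*)\|([^|]*)\|[^|]*\|[^|]*\|[^|]*\|(.*?)\|#\]", re.S)
INNER = re.compile(r"\]\s+(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+(\S+)\s+-\s+(.*)", re.S)

def parse_records(log):
    """Split GlassFish [#|...|#] records and recover the log4j level inside."""
    out = []
    for ts, container_level, body in RECORD.findall(log):
        m = INNER.search(body)
        if m:  # stdout records carry the real level in the message body
            out.append({"time": ts, "container_level": container_level,
                        "level": m.group(1), "logger": m.group(2),
                        "message": " ".join(m.group(3).split())})
    return out

def logged_p11_params(records):
    """Return the {KEY=value} map that KeyTools prints at DEBUG, if present."""
    for r in records:
        if r["logger"].endswith("KeyTools") and r["message"].startswith("{"):
            return dict(re.findall(r"(\w+)=([^,}]+)", r["message"]))
    return {}

def compare(props_text, logged):
    """List settings where the configured value differs from the logged one."""
    props = dict(l.split("=", 1) for l in props_text.splitlines() if "=" in l)
    # Assumed mapping of token property name to the key printed in the log.
    pairs = [("sharedLibrary", "PKCS11_NATIVE_MODULE"), ("slot", "SLOT_ID")]
    return [f"{p}: configured {props.get(p)!r}, logged {logged.get(k)!r}"
            for p, k in pairs if props.get(p) != logged.get(k)]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in recs:
        if r["level"] in ("ERROR", "FATAL"):
            print(r["time"], r["container_level"], "->", r["level"], r["message"])
    print(compare(SAMPLE_PROPS, logged_p11_params(recs)))
```

A log filter keyed on the outer GlassFish level would skip both ERROR records in the thread, which is why the inner level is extracted first.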