Re: [Ejbca-develop] Can't create a CA/key with nCiper on EJBCA 6.0.3

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Oh, and I would recommend using the new slot label functionality instead 
of using "i1"

On 02/27/2014 06:29 AM, Bruno Bonfils wrote:
> Hello folks,
>
> I'm trying to have a CA managed by a nshield NCipher, here what I did :
>
> - create the RFS
> - create a persistent OCS named "EJBCA"
>
> - uncomment all references to PKCS11 provider in web.properties
>
> When I try to create a key, using the following command:
>
> /opt/nfast/bin/preload -c EJBCA ./dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool generate /opt/nfast/toolkits/pkcs11/libcknfast.so 4096 defaultRoot i1
>
> I have the following exception:
>
> java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception:
>
> whatever the password I gave.
>
> Environnment:
>
> - JBoss 7.1.1 Final, with sun/security/pkcs11 added in JDK modules.xml,
>    otherwhise nCipher Token Provider was not found
> - Oracle JDK 1.7.51 with JCE extension
>
> Note that I'm able to create a key using nCipher's tool generatekey,
> with pkcs11 application.
>
> Thanks a lot for you help!
>