From: Jean-Luc C. <jea...@at...> - 2015-04-16 14:35:03
Hi,

I'm trying to install EJBCA 6.2 using an HSM as a crypto provider. I can't see the "PKCS11" option as a type of provider in the crypto token creation GUI. I can only see "SOFT" as the token type. What should I do to be able to create a new PKCS#11 crypto token?

The EJBCA shell script communicates properly with the HSM:

$ cd /appli/ejbca/install/ejbca_ce_6_2_0
$ bin/pkcs11HSM.sh generate /logiciels/API_PKCS11_v3.5.2/lib/libpkcs11c2p.so 2048 defaultRoot i0
2015-04-15 17:40:55,811 INFO [org.cesecore.config.ConfigurationHolder] Allow external re-configuration: false
Using Slot Reference Type: Slot Index.
2015-04-15 17:40:56,144 INFO [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
Created certificate with entry defaultRoot.
$

The EJBCA ant client also works fine:

$ ./ejbcaClientToolBox.sh PKCS11HSMKeyTool test /logiciels/API_PKCS11_v3.5.2/lib/libpkcs11c2p.so 1
2015-04-15 17:52:58,283 INFO [org.cesecore.config.ConfigurationHolder] Allow external re-configuration: false
Test of keystore with ID 1.
2015-04-15 17:52:58,559 INFO [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
Not testing keys with alias TransportKey. Not a private key.
Testing of key: defaultRoot
Private part: SunPKCS11-libpkcs11c2p.so-slot1 RSA private key, 2048 bits (id 16777217, token object, sensitive, unextractable)
RSA key:
modulus:
public exponent: 10001
encryption provider: SunJCE version 1.7; decryption provider: SunPKCS11-libpkcs11c2p.so-slot1 version 1.7; modulus length: 2048; byte length 245. The decoded byte string is equal to the original!
Signature test of key defaultRoot: signature length 256; first byte 64; verifying true
Signings per second: 131
Decryptions per second: 132
Hit RETURN to run again. Type x and hit RETURN to quit.

Jean-Luc.