Menu
▾
▴
Re: [Ejbca-develop] Error when creating an ECC key
|
From: John K. <sta...@gm...> - 2019-08-29 16:47:22
|
Thanks Tomas, I am running Centos 7.6. I did a yum update, which did update Java packages, but still have the same error after a reboot + restart of EJBCA. How can I update NSS packages outside of yum, or what other packages should I be looking at? - johnk On 8/28/19 2:07 AM, Tomas Gustavsson wrote: > > Hi, > > This error: > "java.lang.RuntimeException: Cannot load SunEC provider" > > indicates an issue error with the JDK installation. We've had report of > it before, We've seen it depend on non-updated NSS libraries on RHEL/CentOS. > See here for example: > https://jira.primekey.se/browse/ECA-5701 > > The solution is to upgrade all libraries in your system. Which CentOS > are you running, the latest should be fine. > > Regards, > Tomas > > > On 2019-08-28 01:10, John Kemp wrote: >> Hi, >> >> I am trying to create a P-256 EC key on my HSM using the >> PKCS11HSMKeyTool, and this fails, although RSA keys are just fine. Any >> hint on configuration here? >> >> EJBCA 6.15.2.1, OpenJDK 1.8.0.212, Safenet Luna 6 HSM running on Centos 7. >> >> - johnk >> >> [johnk@foo clientToolBox]$ dzdo ./ejbcaClientToolBox.sh PKCS11HSMKeyTool >> generate /usr/safenet/lunaclient/lib/libshim.so secp256r1 ecTEST 1 >> >> Using Slot Reference Type: Slot Number. >> PKCS11 Token [SunPKCS11-libshim.so-slot1] Password: >> Command could not be executed. See log for stack trace. >> 2019-08-27 20:34:58,988 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command >> 'PKCS11HSMKeyTool generate /usr/safenet/lunaclient/lib/libshim.so >> secp256r1 ecdsaTEST 1' could not be executed. >> >> java.lang.RuntimeException: Cannot load SunEC provider >> at >> sun.security.pkcs11.P11ECKeyFactory.getSunECProvider(P11ECKeyFactory.java:55) >> >> at >> sun.security.pkcs11.P11ECKeyFactory.getECParameterSpec(P11ECKeyFactory.java:71) >> >> at >> sun.security.pkcs11.P11KeyPairGenerator.initialize(P11KeyPairGenerator.java:154) >> >> at >> sun.security.pkcs11.P11KeyPairGenerator.<init>(P11KeyPairGenerator.java:140) >> >> at >> sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1004) >> at >> sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:981) >> at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) >> at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) >> at >> java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:279) >> at >> org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:409) >> >> at >> org.cesecore.keys.util.KeyStoreTools.generateEC(KeyStoreTools.java:250) >> at >> org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:350) >> >> at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:243) >> at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:723) >> at >> org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) >> at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:67) >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
