Hi all.
I'm having problem making SignServer 3.2 work with LunaSA.
In first instance, I created the keys using the LunaSA cmu command and imported the TSS certificate inside my HSM (using cmu).
This way I noticed that SignServer could not find the keys…
To understand what was happening, I've configured KeyTool to use the LunaSA as keystore and, effectively, while cmu was able to see the keys/certificate, keytool said the keystore was empty.
I tried then to create the keys using keytool with the following command:
Hi all.
I'm having problem making SignServer 3.2 work with LunaSA.
In first instance, I created the keys using the LunaSA cmu command and imported the TSS certificate inside my HSM (using cmu).
This way I noticed that SignServer could not find the keys…
To understand what was happening, I've configured KeyTool to use the LunaSA as keystore and, effectively, while cmu was able to see the keys/certificate, keytool said the keystore was empty.
I tried then to create the keys using keytool with the following command:
but without luck: I always get an
error…
Looking through the documentation of SignServer, I found the generatekey command, so I tried:
However, I keep getting the same error. Follows the stacktrace.
Do you have any idea? Do SignServer works with LunaSA?
To use the generatekey command you might have to specify an attributesfile by setting the path to it as a worker property for worker 1:
A sample attributes file is available in the manual:
http://www.signserver.org/manual/complete.en.html#PKCS11CryptoToken
Regards,
Markus
Done, but no luck.
Here is the props.cfg file:
The commands I issued were:
But I got again the CKR_TEMPLATE_INCONSISTENT error.
One mor Info : I'm using LunaSA 4.1
If it can be useful, below is my worker configuration:
If you already have keys generated in the partition that can not be read by Java then maybe you have to remove them first.
Are you able to list the keys either using "bin/signserver.sh testkey 1 all" or using the EJBCA ClientToolbox HSMKeyTool?
Regards,
Markus
I removed the key before I tried the generatekey command: now the HSM is empty….
I really have no idea what can be wrong…
After you set the attributesfile property, you need to restart jboss.
Cheers,
Tomas
Thank you both a lot for your support!
Now it works!
Regards,
Massimiliano