[SignServer-develop] SignServer HSM

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I was wondering if anyone can help figure out an error I'm getting on
SignServer CE 3.6.2.

I've been able to setup a Lab environment to get familiar and test both
EJBCA and SignServer. I'm using softHSM for testing purposes and get it
working on both servers. I got EJBCA CA and Sub-CA key store in softHSM,
generated the CA certificates and CRLs are being issued. Just the basic
setup.

However, I have been working on setting up timestamp on SignServer and I
keep getting the error "No signer certificate" when I run the command
"bin/signserver getstatus complete <id>".  Here are the steps I did to
set it up:

First Worker (CryptoToken) -> All Good!
1. Setup the configuration.properties
        bin/signserver setproperties
$PATH/pkcs11-crypto-configuration.properties
2. Reload worker
        bin/signserver reload 1
3. Activate CryptoToken
        bin/signserver activatecryptotoken 1
4. Test CryptoToken
        bin/signserver testkey 1

First Worker (HSM KeepAlive) -> All Good!
1. Setup the configuration.properties
        bin/signserver setproperties
$PATH/qs_hsmkeepalive_configuration.properties
2. Reload worker
        bin/signserver reload 2

First Worker (HSM KeepAlive) -> Almost Good!
1. Setup the configuration.properties
        bin/signserver setproperties
$PATH/qs_timestamp_configuration.properties
2. Reload worker
        bin/signserver reload 3
3. Upload Certificate Chain . The Chain file is PEM formated and
contains the TSA Certificate first and then the CA Certificate.
        bin/signserver uploadsignercertificatechain 3 GLOB
$PATH/Chain.pem
4. Reload worker
        bin/signserver reload 3
5. Get Status
        bin/signserver getstatus complete 3

When I call for getstatus on the timestamp worker, these are the two (2)
messages I'm getting:

(1) Stating that there is no signer certificate installed:

Error:
            - No signer certificate

(2) That there is a signer certificate available.
The current configuration use the following signer certificate : 
             Subject DN:     CN=softsatsap11.pilotserver.com
             Serial number:  d6ce9b6c073d0f2
             Issuer DN:      CN=DevLab,OU=PKICore,O=DevLab LLC,C=COM
             Valid from:     2015-02-25 15:25:15 AST
             Valid until:    2015-06-05 15:25:15 AST

The timestamp worker never becomes Active.

I have also tried uploading the signer certificate directly
(bin/signserver uploadsignercertificate 3 GLOB $PATH/tsa.pem) and I
still get the same results.

Any light on this matter will be greatly appreciated.

Thank you,
Jenner