Menu
▾
▴
Re: [SignServer-develop] signserver 4.0 error worker pdf-pkcs11
|
From: Markus K. <ma...@pr...> - 2016-10-31 10:03:09
|
On 10/31/2016 01:08 AM, Jose Alberto wrote: > Hi. > > > I Use SignServer 4.0 on Debian 8 amd64 with mariadb. > > The problem is when page demo, i tried upload pdf. ===>>> signed ====> > download pdf, and open with acrobat reader, show error in the > certificate. > > signserver getstatus brief all > Current version of server is : SignServer CE 4.0.0 > > Status of CryptoWorker with id 1 (CryptoTokenP11) is: > Worker status : Active > Token status : Active > > Status of Signer with id 2 (PDFSigner) is: > Worker status : Offline > Token status : Active > Signings : 0 > > Errors: > - Certificate does not match key > - Key usage limit exceeded or not initialized > > > > The certificate is on another PKI. But the request (csr) Must > generate from server on pkcs11? > > > > My HSM is Utimaco Lan. > > Thanks, sorry for my english. > > > Jose A > Hi Jose, Yes, the error shown in the PDF Reader is most likely because the error in the PDFSigner. The error "certificate does not match key" means that the certificate installed for the PDFSigner is not for the key in the crypto token. When you get a certificate for the key you need to make sure the CSR is generated using the key the PDFSigner will be using. Check in your PDFSigner that you have: - CRYPTOTOKEN=CryptoTokenP11 - DEFAULTKEY with the name of the key you want to use Then generate the CSR using CLI or GUI and make sure the name of the right key is specified. Then finally when you get the certificate, install it in the PDFSigner. There is no idea trying to sign anything until the "Worker status" is "Active". Regards, Markus Kilås PrimeKey Solutions Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ |
