Menu
▾
▴
Re: [SignServer-develop] signserver 4.0 error worker pdf-pkcs11
|
From: Jose A. <j....@gm...> - 2016-10-31 17:50:33
|
Thanks Markus. I Solve generated request (csr) from signserver pkcs11. signserver generatecertreq 1 "C=US,CN=firma" SHA256WithRSA peticion.csr My result: signserver getstatus brief all Current version of server is : SignServer CE 4.0.0 Status of CryptoWorker with id 1 (CryptoTokenP11) is: Worker status : Active Token status : Active Status of Signer with id 2 (PDFSigner) is: Worker status : Active Token status : Active Signings : 0 On Mon, Oct 31, 2016 at 6:02 AM, Markus Kilås <ma...@pr...> wrote: > On 10/31/2016 01:08 AM, Jose Alberto wrote: > > Hi. > > > > > > I Use SignServer 4.0 on Debian 8 amd64 with mariadb. > > > > The problem is when page demo, i tried upload pdf. ===>>> signed ====> > > download pdf, and open with acrobat reader, show error in the > > certificate. > > > > signserver getstatus brief all > > Current version of server is : SignServer CE 4.0.0 > > > > Status of CryptoWorker with id 1 (CryptoTokenP11) is: > > Worker status : Active > > Token status : Active > > > > Status of Signer with id 2 (PDFSigner) is: > > Worker status : Offline > > Token status : Active > > Signings : 0 > > > > Errors: > > - Certificate does not match key > > - Key usage limit exceeded or not initialized > > > > > > > > The certificate is on another PKI. But the request (csr) Must > > generate from server on pkcs11? > > > > > > > > My HSM is Utimaco Lan. > > > > Thanks, sorry for my english. > > > > > > Jose A > > > > Hi Jose, > Yes, the error shown in the PDF Reader is most likely because the error > in the PDFSigner. > > The error "certificate does not match key" means that the certificate > installed for the PDFSigner is not for the key in the crypto token. > > When you get a certificate for the key you need to make sure the CSR is > generated using the key the PDFSigner will be using. > Check in your PDFSigner that you have: > - CRYPTOTOKEN=CryptoTokenP11 > - DEFAULTKEY with the name of the key you want to use > > Then generate the CSR using CLI or GUI and make sure the name of the > right key is specified. > > Then finally when you get the certificate, install it in the PDFSigner. > > There is no idea trying to sign anything until the "Worker status" is > "Active". > > > Regards, > Markus Kilås > PrimeKey Solutions > > Save time and money with an Enterprise support subscription. Please see > www.primekey.se for more information. > https://www.primekey.se/technologies/products-overview/ > https://www.primekey.se/service-support/support/ > > > ------------------------------------------------------------ > ------------------ > The Command Line: Reinvented for Modern Developers > Did the resurgence of CLI tooling catch you by surprise? > Reconnect with the command line and become more productive. > Learn the new .NET and ASP.NET CLI. Get your free copy! > http://sdm.link/telerik > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- ############################# # Sistema Operativo: Debian # # Caracas, Venezuela # ############################# |
