Amaury SIHARATH

Hello, I'm trying to integrate Thales DPoD HSM on Demand and EJBCA CE under a CentOS 7 environment with Wildfly 18. I presume it is installed and functional since I'm able to create and test keys as wildfly user using lunacm or cmu. Interacting with DPoD is possible as well using ejbcaClientToolBox script by generating key pairs and testing contents in the token. Still, I'm not able to create a crypto token by using the admin web GUI, labels are not listed when trying to access PKCS11 - DPoD tokens...

Yes ! You were and are right ! Solution is to create token or initialize softHSM as wildfly user, so that wildfly / ejbca application can actually access necessary files. Labels is effectively displayed on UI and Crypto Token creation is working. Thank you very much for you help and reactivity, especially when the issue wasn't related to EJBCA ultimately. Thanks a lot, A.

Indeed, wildfly is run as a service using systemd, and as such, I think that has to do with privileges. I use to run clientToolBox as root user and as such, it's working. BUT trying to run it as wildfly user isn't working, even after changing ownership to wildfly or adding wildfly user as root user ( for testing purpose ). Running the tool box under these conditions rise the same error logs mentionned at the beginning.

I do have several ones, but the right one is configured in web.properties, and following logs seem to confirm this : 2021-11-17 10:06:05,596 DEBUG [org.cesecore.keys.token.p11.Pkcs11SlotLabel] (default task-1) Using JDK8 SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11 2021-11-17 10:06:05,616 DEBUG [org.cesecore.keys.token.p11.Pkcs11SlotLabel] (default task-1) Get dummy sun provider throws an exception for /usr/lib64/libsofthsm2.so. This is OK.: java.lang.reflect.InvocationTargetException Tested...

Hi, No, it doesn't. Following logs are returned when switching to label list on the UI : 2021-11-17 09:43:51,691 DEBUG [org.cesecore.keys.token.p11.Pkcs11SlotLabel] (default task-2) Found number of slots: 1 2021-11-17 09:43:51,691 DEBUG [org.cesecore.keys.token.p11.Pkcs11SlotLabel] (default task-2) 0: Found token label: id=0 There are more slots with proper labels in the soft hsm though.

Hello, I'm trying to integrate Soft HSM 2 and EJBCA CE under a CentOS 7 environment with Wildfly 18. I'm trying to create a Crypto Token, but form submitting returns an "Error when creating Crypto Token" error, along with the ID of the token which isn't created. The libsofthsm2.so file seems to be recognized by the admin web gui. Debug level logs in wildfly indicate "sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TOKEN_NOT_RECOGNIZED" along with following errors, to sum them up: Caused by: java.lang.IllegalStateException:...