Hi Raul, Many things have been discussed in this thread. Could you please point me to the precise problem you have right now? I would be glad to help if I'm able to.
Dear Tomas, I managed to create the Crypto Token both via the UI and the command line. It was a problem with the access to the socket, because even if you execute the ejbca.sh script as root, the creation of the CryptoToken is made by the ejbca user. The thing is that even if I specify the Slot ID (and there is a key on the Cloud HSM) it says that there is no key and asks if I want to generate one. If I try to generate an RSA 2048 key pair, it throws the error java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception:...
It's nearly the same as before when I try to create the Crypto Token via the UI.
2021-10-27 07:11:10,289 DEBUG [org.cesecore.authorization.AuthorizationCache] (default task-7) Added entry for key 'CertificateAuthenticationToken;d8fde188e5d73a6456693e52e515a5d2ffdf468cb1483a207d842f45bc728380;null'.
2021-10-27 07:11:10,290 DEBUG [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-7) Reading Configuration: UPGRADE
2021-10-27 07:11:10,309 DEBUG [org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean]...
The version I am using is the ejbca_ce_7_4_3_2.zip that is available on the downloads page. I will try with the UI and let you know the result. By the way, if I want to change things in the source code, will I still be able to install with the ejbca-setup.sh script, or should I follow another flow? Best regards, Santiago
I will try, but it is hard to tell as our PKCS#11 generates a log file when used, and this log file is not generated when the command is executed. I don't know if our provider is being called by the ejbca.sh tool. Anyway I will try to debug the provider, thank you Tomas. Best,
I created a Virtual Machine with Ubuntu 20.04 and installed EJBCA following the Quick Install guide to test this PKCS11 issue. I got to the point of having the server.log file located where you said. This is the output of the command.
2021-10-26 07:34:08,945 DEBUG [org.cesecore.authorization.AuthorizationCache] (default task-4) Added entry for key 'CliAuthenticationToken;6f9483d1c3ed90fe8d6dc4ec0e2a27281587a604720aa4beac7a2cd065d1134c'.
2021-10-26 07:34:08,946 INFO [org.cesecore.audit.impl.log4j.Log4jDevice]...
After starting the container I enter it with docker exec -u 0 -it container_name bash. I located the daemon with docker cp and executed it with ./daemon_executable. After that the daemon is running and the UNIX domain socket is on.
The PKCS11 file is one developed by us, and we put it in the container using the docker cp command.
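An added example, not part of the thread and not EJBCA code: a check for the socket-access problem described above, where the daemon is started as root inside the container but the CryptoToken is created by the ejbca user. It reports the first path component that would refuse a connect() to the daemon's UNIX domain socket for a given account. Assumptions: the socket path is supplied by the operator (the thread does not give it), and only classic owner/group/other mode bits are evaluated (no ACLs, SELinux or AppArmor).

```python
#!/usr/bin/env python3
"""Report why an account cannot connect to a UNIX domain socket (added example)."""
import os
import pwd
import stat
import sys


def ids_for_user(name):
    """Return (uid, set of gids) for a local account such as 'ejbca'."""
    entry = pwd.getpwnam(name)
    return entry.pw_uid, set(os.getgrouplist(name, entry.pw_gid))


def _allowed(st, uid, gids, want):
    """Owner/group/other check; `want` is an rwx mask (1 = search, 2 = write)."""
    if uid == 0:                      # root bypasses mode bits
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6        # owner class wins, even if it is stricter
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def first_blocker(sock_path, uid, gids):
    """Return the first path that denies access, or None if connect() is permitted."""
    sock_path = os.path.abspath(sock_path)
    dirs, cur = [], os.path.dirname(sock_path)
    while True:                       # collect every ancestor directory up to /
        dirs.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    for d in reversed(dirs):          # each directory needs search (x) permission
        if not _allowed(os.stat(d), uid, gids, 1):
            return d
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a UNIX domain socket")
    # connect() on a filesystem socket needs write permission on the socket file
    return None if _allowed(st, uid, gids, 2) else sock_path


if __name__ == "__main__":
    user, path = sys.argv[1], sys.argv[2]   # e.g. ejbca /path/to/daemon.sock
    blocker = first_blocker(path, *ids_for_user(user))
    print(f"{user}: " + ("access permitted" if blocker is None else f"blocked at {blocker}"))
```

If the socket itself is reported as the blocker, either start the daemon under the account that runs the application server or have it create the socket with a group and mode that account can write to.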