
Re: Using external key with ncipher HSM

by Leonardo L. P. da Mata

After understanding EJBCA and nCipher HSM, I was able to manage the
issues and the CA is up and running. But we had some problems dealing
with quorums.

Was someone able to use quorum with more than 1 person to import keys?
It might be a bug in EJBCA or HSM software.

Thanks

Merry Christmas and Happy New Year.


On Mon, Oct 20, 2008 at 12:27 PM, Leonardo L. P. da Mata
<barroca@...> wrote:

> Hey Bruno, the Security World is ok. I've checked the file
> permissions, and apparently this is not an issue, because I'm getting
> the same problem using the system administrator.
>
> I'm following the steps of the EJBCA user's guide. When importing a file,
> I can't access the keystore of the HSM:
>
> keystore: Filename of JCE key store? []
>> temp.keystore
> ERROR: keystore: key store key is missing
> keystore: Filename of JCE key store? []
>> 59b8a83024f6d271ac8ec03838d8e3de7c204785
> ERROR: keystore: cannot open file
> keystore: Filename of JCE key store? []
>> c:\nfast\kmdata\local\key_jcecsp_59b8a83024f6d271ac8ec03838d8e3de7c204785
> ERROR: keystore: invalid keystore
> ERROR: keystore: key store key is missing
> keystore: Filename of JCE key store? []
>>
> ERROR: keystore: invalid filename
> keystore: Filename of JCE key store? []
>> c:\nfast\kmdata\local\
> ERROR: keystore: cannot open file
> keystore: Filename of JCE key store? []
>
>
>
> temp.keystore contains "59b8a83024f6d271ac8ec03838d8e3de7c204785" as
> mentioned in the user guide:
> "Windows: 'copy con: temp.keystore' and copypaste the string, press
> Ctrl-Z and Enter"
>
> Thanks again.
>
> On Mon, Oct 20, 2008 at 10:22 AM, Bruno Bonfils <asyd@...> wrote:
>> On Mon 20 October, Leonardo L. P. da Mata wrote:
>>> I've read the HSM manual and checked that my Security World is FIPS level 2.
>>> The NFAST_HOME is ok. I think this is a security issue. I'm gonna try
>>> with the system administrator.
>>
>> Hi,
>>
>> In order to create a key protected by the HSM, you need to create a
>> Security World and an OCS (Operator Card Set). This procedure is well
>> documented in the HSM documentation. However, I may help if you have trouble
>> (PS: I work at Linagora and I used to work with EJBCA and nCipher).
>>
>> If you really already have a security world, check the file permissions.
>> I don't know how it goes on Windows, but in a Unix environment,
>> nCipher's default permissions only allow root to read/write the security
>> world's files.
>>
>> Best regards
>>
>> --
>> http://asyd.net/home/   - Home Page
>> http://guses.org/home/  - French Speaking (Open)Solaris User Group
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejbca-develop@...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>
>
>
> --
> Leonardo Luiz Padovani da Mata
> barroca@...
>
> "May the force be with you, always"
> "Nerd Pride... I have it. Do you?"
>



--
Leonardo Luiz Padovani da Mata
barroca@...

"May the force be with you, always"
"Nerd Pride... I have it. Do you?"

