Have you a guide about the LunaCA3 openssl driver?
Have you enabled the token before using it with the /usr/luna/bin/enabler utility?
Have a look at the mail archive; approx. 1 year ago there were some mailings about the Luna CA3.
I have a Luna SA, which is not absolutely the same as the Luna CA3; that is the reason why I can't help you.
First you need to test the OpenSSL and LunaCA3 integration. Try to create an RSA key in the Luna CA3 with openssl, not with OpenCA, and if it was successful, and you are able to use it, then go back to OpenCA.
Adam
Ricardo Costa wrote:
Hello,
After a few hours I'm now getting the following error:
engine "LunaCA3" set.
unable to load Private Key
1734:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field missing:tasn_dec.c:391:Field=iqmp, Type=RSA
1734:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
1734:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:117:
Any idea?
Ricardo Costa
Ricardo Costa wrote:
Getting another error now:
Error loading Cryptoki library file [/usr/luna/lib/libcrystoki2.so]
can't use that engine
2421:error:2507006C:DSO support routines:DSO_load:functionality not supported:dso_lib.c:239:
2421:error:2606D067:engine routines:func(109):conflicting engine id:hw_lunaca3.c:561:
2421:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:181:
Error loading Cryptoki library file [/usr/luna/lib/libcrystoki2.so]
2421:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:bn_gcd.c:482:
2421:error:0D080006:asn1 encoding routines:ASN1_sign:EVP lib:a_sign.c:275:
Any idea?
Thanks,
Ricardo Costa
Adam Tresch wrote:
As far as I remember (currently not using the OpenCA stuff),
it is probably not necessary to put the enginearg line in the ca.conf and ca_node.conf files.
Please try it without the enginearg parameter in the above files.
Adam
Ricardo Costa wrote:
Adam,
I tried what you suggested, but now I get the error:
unknown option -enginearg
Do you know why?
Thanks,
Ricardo Costa
Adam Tresch wrote:
Ricardo,
you need to attach the following lines into the Chrystoki.conf file
EngineLunaCA3= { EngineInit = 1:10:11; LibPath = /usr/luna/lib/libcrystoki2.so; Handle=10; }
And in this case add the following line to the ca.conf file
opensslEngine "LunaCA3" opensslEngineArg "-enginearg 1:10:11"
you will find an example in the config file, but with the above parameters it works fine...
Adam
Ricardo Costa wrote:
Hi,
I'm trying to put LunaCA3 working with OpenCA-0.9.1-5. I'm using:
kernel-2.4.9-13
ca3util-0.1.4-7.i386.rpm
lunasys-8.1-1.i386.rpm
openssl-lunaca3-0.9.6-5.i386.rpm
openssl-0.9.7b with the openssl-lunaca3-patch-0.9.7.tar
I'm able to Login and Logout to and from the LunaCA3, Generate new CA secret key, but when I try Generate new CA Certificate Request I get the error:
Missing configuration for Cryptoki library
can't use that engine
1498:error:2606D067:engine routines:func(109):conflicting engine id:hw_lunaca3.c:553:
1498:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:181:
Missing configuration for Cryptoki library
1498:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:bn_gcd.c:482:
1498:error:0D080006:asn1 encoding routines:ASN1_sign:EVP lib:a_sign.c:275:
My /etc/Chrystoki.conf looks like:
Chrystoki2 = { LibUNIX=/usr/luna/lib/libcrystoki2.so; }
CardReader = { RemoteCommand=1; }
Luna = { DefaultTimeOut=500000; PEDTimeout1=100000; PEDTimeout2=100000; }
Misc = { LogFile = /var/log/lunaca3.log; }
Can anyone help me?
Thanks,
Ricardo Costa
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
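
The fix given in the thread is that /etc/Chrystoki.conf needs an EngineLunaCA3 section. As an added example (not part of the original messages or of the Luna or OpenCA software), this Python check parses the configuration syntax shown above and reports a missing or incomplete engine section. The function names are hypothetical, and the required-key list and the LibPath comparison are assumptions taken from the values posted in the thread.

```python
import re

# Constructed sample: the Chrystoki.conf posted in the thread (no engine section).
ORIGINAL_CONF = """
Chrystoki2 = { LibUNIX=/usr/luna/lib/libcrystoki2.so; }
CardReader = { RemoteCommand=1; }
Luna = { DefaultTimeOut=500000; PEDTimeout1=100000; PEDTimeout2=100000; }
Misc = { LogFile = /var/log/lunaca3.log; }
"""

# The section suggested in the reply, to be appended to the same file.
ENGINE_SECTION = """
EngineLunaCA3= { EngineInit = 1:10:11; LibPath = /usr/luna/lib/libcrystoki2.so; Handle=10; }
"""

SECTION_RE = re.compile(r"(\w+)\s*=\s*\{(.*?)\}", re.S)
REQUIRED_KEYS = ("EngineInit", "LibPath", "Handle")  # assumption: keys shown in the thread


def parse_conf(text):
    """Parse 'Name = { key = value; ... }' blocks into {section: {key: value}}."""
    sections = {}
    for name, body in SECTION_RE.findall(text):
        entries = {}
        for item in body.split(";"):
            if "=" in item:
                key, value = item.split("=", 1)
                entries[key.strip()] = value.strip()
        sections[name] = entries
    return sections


def check_engine_section(text, section="EngineLunaCA3"):
    """Return a list of problems with the engine section; empty means none found."""
    sections = parse_conf(text)
    if section not in sections:
        return [f"section {section} is missing"]
    problems = [f"{section}: key {k} is missing or empty"
                for k in REQUIRED_KEYS if not sections[section].get(k)]
    # Assumption: both entries name the same Cryptoki library, as in the thread.
    lib = sections.get("Chrystoki2", {}).get("LibUNIX")
    path = sections[section].get("LibPath")
    if lib and path and lib != path:
        problems.append(f"{section}: LibPath {path} differs from Chrystoki2 LibUNIX {lib}")
    return problems


if __name__ == "__main__":
    print(check_engine_section(ORIGINAL_CONF))
    print(check_engine_section(ORIGINAL_CONF + ENGINE_SECTION))
```

Run against the real file with `check_engine_section(open("/etc/Chrystoki.conf").read())`; the parser only understands the single-level block syntax shown in the thread.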
