Dr. Stephen , Thank you for your reply - here is the output of your recommended command line
/usr/local/openssl/ssl/bin/openssl ca -config CA.cnf -engine LunaCA3 -keyfile "root-ca" -keyform ENGINE -in test-svr-010req.pem -out test-svr-010.pem -batch Using configuration from CA.cnf engine "LunaCA3" set. unable to load certificate 3086288524:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('root-ca','r') * 3086288524:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172: 3086288524:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696: * Looks like it is trying to read the key from disk on not from the HSM. Thanks. - Simon Charles - > Date: Thu, 13 Dec 2012 15:48:09 +0100 > From: st...@openssl.org > To: openssl-users@openssl.org > Subject: Re: Openssl default_ca values while using HSM - LunaCA3 > > On Wed, Dec 12, 2012, simon charles wrote: > > > Sorry for the duplicate post - was not signed up with the forum and might > > have missed a response to my question . Please resend your answers if you > > have already replied to my query. > > > > > > All , > > What would the default_ca section look like while using > > LunaCA3 HSM for storing CA private key. Openssl looks for certificate > > and private_key on disk - how do i make openssl ca routine aware of > > private keys on the HSM ( LunaCA3 ) > > Thanks. > > > > Currently you cannot set the ENGINE parameters in the configuration file. You > can however set them on the command line with: > > openssl ca -engine <engine name> -keyform e -keyfile <name> > > > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org