Dr. Stephen,
     Thank you for your reply - here is the output of your recommended command line

 /usr/local/openssl/ssl/bin/openssl ca -config CA.cnf -engine LunaCA3 -keyfile "root-ca" -keyform ENGINE -in test-svr-010req.pem -out test-svr-010.pem -batch
Using configuration from CA.cnf
engine "LunaCA3" set.
unable to load certificate
3086288524:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('root-ca','r')  *
3086288524:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
3086288524:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:

* Looks like it is trying to read the key from disk and not from the HSM.
  
     Thanks. 

- Simon Charles - 


> Date: Thu, 13 Dec 2012 15:48:09 +0100
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
> 
> On Wed, Dec 12, 2012, simon charles wrote:
> 
> > Sorry for the duplicate post - was not signed up with the forum and might 
> > have missed a response to my question. Please resend your answers if you 
> > have already replied to my query.
> > 
> > 
> > All,
> >   What would the default_ca section look like while using 
> > LunaCA3 HSM for storing CA private key? Openssl looks for certificate 
> > and private_key on disk - how do I make openssl ca routine aware of 
> > private keys on the HSM (LunaCA3)?
> >     Thanks. 
> > 
> 
> Currently you cannot set the ENGINE parameters in the configuration file. You
> can however set them on the command line with:
> 
> openssl ca -engine <engine name> -keyform e -keyfile <name>
> 
> 
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org