Hello Simon,

The correct way is to have a "key pointer" file that you can use 'sautil' to create. Your SafeNet representative should be able to point you in the right direction.

Best Regards,

Patrick.

On 2012-12-13, at 1:40 PM, simon charles wrote:

>
> Dr. Stephen,
> Thank you for your reply - here is the output of your recommended command line
>
> /usr/local/openssl/ssl/bin/openssl ca -config CA.cnf -engine LunaCA3
> -keyfile "root-ca" -keyform ENGINE -in test-svr-010req.pem -out
> test-svr-010.pem -batch
> Using configuration from CA.cnf
> engine "LunaCA3" set.
> unable to load certificate
> 3086288524:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:169:fopen('root-ca','r') *
> 3086288524:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:172:
> 3086288524:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:696:
>
> * Looks like it is trying to read the key from disk and not from the HSM.
>
> Thanks.
>
> - Simon Charles -
>
>
>> Date: Thu, 13 Dec 2012 15:48:09 +0100
>> From: st...@openssl.org
>> To: openssl-users@openssl.org
>> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
>>
>> On Wed, Dec 12, 2012, simon charles wrote:
>>
>>> Sorry for the duplicate post - was not signed up with the forum and might
>>> have missed a response to my question. Please resend your answers if you
>>> have already replied to my query.
>>>
>>>
>>> All,
>>> What would the default_ca section look like while using
>>> LunaCA3 HSM for storing CA private key. Openssl looks for certificate
>>> and private_key on disk - how do I make openssl ca routine aware of
>>> private keys on the HSM (LunaCA3)
>>> Thanks.
>>>
>>
>> Currently you cannot set the ENGINE parameters in the configuration file. You
>> can however set them on the command line with:
>>
>> openssl ca -engine <engine name> -keyform e -keyfile <name>
>>
>>
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majord...@openssl.org
>

---
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

tel: +1 514 485 0789
mobile: +1 514 994 8699
fax: +1 450 424 9559