Hi Patrick,
    I did create the private key using sautil and tagged a label while creating 
it ( "root-ca" ). I am working with my Safenet representative but the 
documentation is lacking when it comes to integration with openssl command 
line. I figured - ask the openssl experts here. Any help would be much 
appreciated.
    Thanks. 

- Simon Charles - 


> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
> From: [email protected]
> Date: Thu, 13 Dec 2012 13:54:11 -0500
> To: [email protected]; [email protected]
> 
> Hello Simon,
> 
> The correct way is to have a "key pointer" file that you can use 'sautil' to 
> create. Your SafeNet representative should be able to point you in the right 
> direction.
> 
> Best Regards,
> 
> Patrick.
> On 2012-12-13, at 1:40 PM, simon charles wrote:
> 
> > 
> > Dr. Stephen,
> >     Thank you for your reply - here is the output of your recommended 
> > command line
> > 
> > /usr/local/openssl/ssl/bin/openssl ca -config CA.cnf -engine LunaCA3  
> > -keyfile "root-ca" -keyform ENGINE -in test-svr-010req.pem -out 
> > test-svr-010.pem -batch
> > Using configuration from CA.cnf
> > engine "LunaCA3" set.
> > unable to load certificate
> > 3086288524:error:02001002:system library:fopen:No such file or 
> > directory:bss_file.c:169:fopen('root-ca','r')  *
> > 3086288524:error:2006D080:BIO routines:BIO_new_file:no such 
> > file:bss_file.c:172:
> > 3086288524:error:0906D06C:PEM routines:PEM_read_bio:no start 
> > line:pem_lib.c:696:
> > 
> > * Looks like it is trying to read the key from disk and not from the HSM.
> > 
> >     Thanks. 
> > 
> > - Simon Charles - 
> > 
> > 
> >> Date: Thu, 13 Dec 2012 15:48:09 +0100
> >> From: [email protected]
> >> To: [email protected]
> >> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
> >> 
> >> On Wed, Dec 12, 2012, simon charles wrote:
> >> 
> >>> Sorry for the duplicate post - was not signed up with the forum and might 
> >>> have missed a response to my question. Please resend your answers if you 
> >>> have already replied to my query.
> >>> 
> >>> 
> >>> All,
> >>>  What would the default_ca section look like while using 
> >>> LunaCA3 HSM for storing CA private key. Openssl looks for certificate 
> >>> and private_key on disk - how do I make openssl ca routine aware of 
> >>> private keys on the HSM ( LunaCA3 )
> >>>    Thanks. 
> >>> 
> >> 
> >> Currently you cannot set the ENGINE parameters in the configuration file.
> >> You can however set them on the command line with:
> >> 
> >> openssl ca -engine <engine name> -keyform e -keyfile <name>
> >> 
> >> 
> >> --
> >> Dr Stephen N. Henson. OpenSSL project core developer.
> >> Commercial tech support now available see: http://www.openssl.org
> >> ______________________________________________________________________
> >> OpenSSL Project                                 http://www.openssl.org
> >> User Support Mailing List                    [email protected]
> >> Automated List Manager                           [email protected]
> >                                       
> 
> ---
> Patrick Patterson
> President and Chief PKI Architect
> Carillon Information Security Inc.
> http://www.carillon.ca
> 
> tel: +1 514 485 0789
> mobile: +1 514 994 8699
> fax: +1 450 424 9559
> 
                                          

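Added example, not part of the original thread: a small Python parser for the OpenSSL error-queue lines quoted above, which decodes each packed error code and extracts the name that OpenSSL tried to open as a file. The sample input is the quoted output with the mail line-wrapping re-joined; the function names are hypothetical, and the 8/12/12-bit code layout assumed is that of the OpenSSL 1.0.x series.

```python
import re

# Constructed input: error output from the message above, mail-wrapped lines re-joined.
SAMPLE = """\
unable to load certificate
3086288524:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('root-ca','r')
3086288524:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
3086288524:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:
"""

LINE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$")
FOPEN = re.compile(r"fopen\('(?P<path>[^']*)','(?P<mode>[^']*)'\)")

def parse_queue(text):
    """Return one dict per error-queue line; any other line is skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        code = int(e["code"], 16)
        # Assumed 1.0.x packing: 8-bit library, 12-bit function, 12-bit reason.
        e["lib_no"] = code >> 24
        e["func_no"] = (code >> 12) & 0xFFF
        e["reason_no"] = code & 0xFFF
        out.append(e)
    return out

def file_lookups(entries):
    """Names that OpenSSL passed to fopen(), i.e. names it treated as file paths."""
    hits = [FOPEN.search(e["data"]) for e in entries if e["func"] == "fopen"]
    return [m.group("path") for m in hits if m]

def headline(text):
    """First non-empty line that is not an error-queue entry."""
    for raw in text.splitlines():
        s = raw.strip()
        if s and not LINE.match(s):
            return s
    return None

if __name__ == "__main__":
    entries = parse_queue(SAMPLE)
    print(headline(SAMPLE), file_lookups(entries))
    for e in entries:
        print(e["lib"], e["func"], e["reason"], e["lib_no"], e["func_no"], e["reason_no"])
```

Reading the headline together with the `fopen` entry shows which object the tool was loading when a name was looked up on disk.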