PKCS#11 key not properly supported?

Ali Kiaian Thu, 25 Feb 2016 00:35:14 -0800

I'll try to keep this message simple.

E.G this command will work using the new version of engine_pkcs11:


sudo openssl req -engine pkcs11 -new -key
"pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111"
-keyform engine -out req.pem -text -x509 -subj "/CN=Test"

But this will result in error:

ssl_certificate_key
"engine:pkcs11:pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111";

The error message is:

nginx: [emerg]
ENGINE_load_private_key("pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111")
failed (SSL: error:26096075:engine routines:ENGINE_load_private_key:not
initialised)

Any help regarding this is appreciated, Thanks.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

PKCS#11 key not properly supported?

Reply via email to