All -

I am working to integrate a smart card as part of a certificate request on Linux with OpenSSL, but I am having a hard time using a script file to keep the engine loaded AND use it for a certificate request.

Interactively with OpenSSL everything works fine. I can load the engine with one command (engine) and submit the request with another openssl command (req)... But both of these commands must be performed without exiting the openssl prompt. However, from a script file perspective, I am not able to figure out how to get the "openssl req -engine" command to remember or reload the dynamic engine. Any help would be appreciated.

Specific Details:

I can issue this command, which dynamically loads the engine:

    openssl engine dynamic -vvv -pre SO_PATH:/usr/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre NO_VCHECK:1 -pre LOAD

And it works great. But if I follow that command with this separate openssl command (from the Linux prompt):

    openssl req -config cert.cnf -engine pkcs11 -newkey rsa:1024 -sha1 -key id_45 -keyform engine -text -out csr.pem

I get errors indicating the engine (pkcs11) is not known. This sort of makes sense if the engine was discarded once the previous command was exited. I have tried various engine IDs but have had no luck.

So... I am open to ideas.

How can I keep the engine loaded?
How can I find out what "engine IDs" are valid for the "openssl req -engine engine_id" command?
How can I make the pkcs11 engine "static?"

Any suggestions or advice would be appreciated. It seems as though I am very close.

Thanks,
Rick
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
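
Added example, not part of the original post and not OpenSSL project code: each openssl command started from a shell is a separate process, so an engine loaded by one invocation is gone for the next. One way to script the request is to let the configuration file load the engine in the same process that runs req. The engine path, key id and cert.cnf name are taken from the post; the section names are arbitrary, cert.cnf is assumed not to set openssl_conf already, and -sha256 is used in place of the post's -sha1.

```shell
#!/bin/sh
# Added example: wrap an existing request config in an "engines" section so
# that any single `openssl` process loads the pkcs11 engine by itself.
# Assumption: paths and key id are the ones quoted in the post.

ENGINE_SO=/usr/lib/opensc/engine_pkcs11.so

# write_engine_conf BASE_CNF OUT_CNF
# Copies BASE_CNF to OUT_CNF and adds the engine-loading sections around it.
write_engine_conf() {
    base=$1 out=$2
    {
        # Has to precede the first [section] header (default section).
        echo 'openssl_conf = openssl_init'
        echo
        cat "$base"
        cat <<EOF

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
# dynamic_path sends SO_PATH, LIST_ADD:2 and LOAD to the dynamic engine.
dynamic_path = $ENGINE_SO
init = 0
EOF
    } > "$out"
}

# request_csr BASE_CNF CSR_OUT
# One process: the config loads the engine, then req signs with the card key.
request_csr() {
    conf=$(mktemp) || return 1
    write_engine_conf "$1" "$conf" || { rm -f "$conf"; return 1; }
    OPENSSL_CONF=$conf openssl req -config "$conf" -engine pkcs11 -new \
        -key id_45 -keyform engine -sha256 -text -out "$2"
    rc=$?
    rm -f "$conf"
    return $rc
}

# Runs only when invoked as: sh thisfile.sh cert.cnf csr.pem
if [ $# -eq 2 ]; then request_csr "$1" "$2"; fi
```

The NO_VCHECK control from the post's engine command is not sent by dynamic_path; if the engine build needs it, it has to be added as an explicit control in the engine section.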