I am still running into a few problems and am hoping for a little more
debugging assistance.

I created these entries in my configuration file (certsc.cnf):

----
engine = engine_section

[ engine_section ]
smartcard = smartcard_engine

[ smartcard_engine ]
engine_id = smartcard
SO_PATH = /usr/lib/opensc/engine_pkcs11.so 
MODULE_PATH = /usr/lib/pkcs11/opensc-pkcs11.so
ID = smartcard 
LIST_ADD = 1 
NO_VCHECK = 1 
LOAD = EMPTY
----

And then I made the following OpenSSL call... 

---
openssl req \
        -config $ConfigFile \
        -engine smartcard \
        -newkey rsa:1024 
#       -new \
        -sha1 \
        -key id_45 \
        -keyform engine \
        -text \ 
        -out certsc.csr
---

But received these error messages...

----
invalid engine "smartcard"
6779:error:2606A074:engine routines:ENGINE_by_id:no such
engine:eng_list.c:379:id=smartcard
6779:error:25066067:DSO support routines:DLFCN_LOAD:could not load the
shared library:dso_dlfcn.c:153:filename(libsmartcard.so):
libsmartcard.so: cannot open shared object file: No such file or
directory
6779:error:25070067:DSO support routines:DSO_load:could not load the
shared library:dso_lib.c:244:
6779:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:365:
----

It seems as if the engine 'smartcard' is not recognized.

Any suggestions would be greatly appreciated.


Regards,
Rick

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erwann ABALEA
Sent: Friday, July 08, 2005 9:08 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dynamic engine / smart card support for CSR
generation

Hello,

Today, the day after the Nones of July 2005, Robinson, Richard L (Rick) wrote:
> I get errors indicating the engine (pkcs11) is not known.  This sort 
> of makes sense if the engine was discarded once the previous command 
> was exited.  I have tried various engine IDs but have had no luck.

Use the autoconfig feature of OpenSSL. Update your openssl.cnf file, by
adding this:

-----
openssl_conf = openssl_init

[openssl_init]
oid_section = new_oids
engine = engine_section

[ engine_section ]
dynamic = dynamic_section

[ dynamic_section ]
engine_id = dynamic
SO_PATH = /usr/lib/opensc/engine_pkcs11.so
ID = pkcs11
LIST_ADD = 1
NO_VCHECK = 1
LOAD = EMPTY
-----

adjust the commands to your specific case, then set the environment
variable OPENSSL_CONF to point to this openssl.cnf file, and you'll be
able to use 'openssl req' as usual.

I don't know how the change of ENGINE id will perform with the rest, but
you should now go a little farther.

--
Erwann ABALEA <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
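
A small checker, added here as an example and not part of the thread or of OpenSSL, that compares a config file's engine entries with the layout in Erwann's reply: an `openssl_conf` pointer, `engine_id = dynamic`, and one command per line. The function names and the rules are assumptions of this example; it only reads text and loads no engine.

```python
import re

def parse_cnf(text):
    """Parse OpenSSL-style config text into {section: [(key, value), ...]}."""
    sections, current = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))
    return sections

def lint_engine_config(text):
    """Compare engine sections with the layout shown in the reply; return findings."""
    cnf, findings = parse_cnf(text), []
    init = dict(cnf["default"]).get("openssl_conf")
    if init is None:
        findings.append("no 'openssl_conf = <section>' line before the first section")
    engines = dict(cnf.get(init or "default", [])).get("engine")
    for name, section in cnf.get(engines, []):
        cmds = cnf.get(section, [])
        engine_id = dict(cmds).get("engine_id", name)  # entry name is the fallback
        if "SO_PATH" in dict(cmds) and engine_id != "dynamic":
            findings.append(f"[{section}] engine_id = {engine_id}: the reply gives "
                            "SO_PATH/ID/LOAD to engine_id = dynamic")
        for key, value in cmds:
            if re.search(r"\s\w+\s*=", value):  # e.g. "1 LOAD = EMPTY"
                findings.append(f"[{section}] {key}: value contains another "
                                "'KEY =', lines were probably joined")
    return findings

# Sample input: engine entries from the first message (three commands omitted).
FIRST_ATTEMPT = """
engine = engine_section
[ engine_section ]
smartcard = smartcard_engine
[ smartcard_engine ]
engine_id = smartcard
SO_PATH = /usr/lib/opensc/engine_pkcs11.so
ID = smartcard
LOAD = EMPTY
"""

if __name__ == "__main__":
    for finding in lint_engine_config(FIRST_ATTEMPT):
        print("finding:", finding)
```
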

