Thanks Mat - that info really helps. I validated your input and queried the
private key file - which indeed pointed to handles on the HSM. For further
validation - i tried to sign using the sautil output key file on another box
w/o hsm and it failed.
- Simon Charles -
> From: argem
# sautil -l "my-rsa-private-label" g 2048
# openssl req -engine LunaCA3 -new -nodes -key "my-rsa-private-label"
-keyform ENGINE -out tmpkey.req -days 30
Which works but when using openssl ca routine - it is not able to find / load
the keys
- Simon Charl
here. Any help would be much
appreciated.
Thanks.
- Simon Charles -
> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
> From: ppatter...@carillon.ca
> Date: Thu, 13 Dec 2012 13:54:11 -0500
> To: openssl-users@openssl.org; charlessi...@hotmail.com
>
> Hello
/usr/local/openssl/ssl/bin/openssl version
OpenSSL 1.0.0e 6 Sep 2011
- Simon Charles -
> Date: Thu, 13 Dec 2012 19:53:40 +0100
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
>
> On Thu, D
6D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:
* Looks like it is trying to read the key from disk on not from the HSM.
Thanks.
- Simon Charles -
> Date: Thu, 13 Dec 2012 15:48:09 +0100
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re:
All ,
What would the default_ca section look like while using LunaCA3 HSM for
storing CA private key. Openssl looks for certificate and private_key on disk -
how do i make openssl ca routine aware of private keys on the HSM ( LunaCA3 )
Thanks.
- Simon Charles -
. Openssl looks for certificate
and private_key on disk - how do i make openssl ca routine aware of
private keys on the HSM ( LunaCA3 )
Thanks.
- Simon Charles -
