PKCS#11 key not properly supported?
Ali Kiaian
lkn2993 at gmail.com
Thu Feb 25 08:34:21 UTC 2016
I'll try to keep this message simple.
E.G this command will work using the new version of engine_pkcs11:
sudo openssl req -engine pkcs11 -new -key
"pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111"
-keyform engine -out req.pem -text -x509 -subj "/CN=Test"
But this will result in error:
ssl_certificate_key
"engine:pkcs11:pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111";
The error message is:
nginx: [emerg]
ENGINE_load_private_key("pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=;id=%d4%b1%6d%62%5f%8c%f4%ec%19%05%0e%bc%2e%a0%9e%0f%d3%f1%2f%87;object=cakey;object-type=private;pin-value=1111")
failed (SSL: error:26096075:engine routines:ENGINE_load_private_key:not
initialised)
Any help regarding this is appreciated, Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160225/0b7885ce/attachment.html>
More information about the nginx
mailing list