CKR_PIN_INCORRECT when creating HSM Crypto token #810
Replies: 3 comments 1 reply
-
Did you read the configuration guide here? https://docs.keyfactor.com/ejbca/latest/thales-luna-hsm
-
Looking at the trace output:
ejbca2-ce | Caused by: java.io.IOException: load failed
Looking at SunPKCS11.java: it's logging in as CU, not CO. The EJBCA documentation talks about logging in as CO, not CU. Is that right?
Thanks, martin
-
It has been a long time since I did the initialization. The DPoD-specific documentation talks about crypto officer.
-
After finally getting ejbca to connect to a Luna HSM, I'm creating the HSM crypto token. It connects pkcs11 correctly, and if I choose slot/token label, ejbca does indeed enumerate the available slots. But when I try the security/crypto officer PIN I always get CKR_PIN_INCORRECT. I can run the vendor tool ckdemo and log on there as the officer with the PIN, and that works.
Reading the integration guide https://www.thalesdocs.com/gphsm/integrations/guides/ejbca/index.html#create_pkcs11_crypto_token_on_ejbca, this tells me that "Crypto Token Details: Proceed to enter the necessary details to create a PKCS11 token. Ensure that you use the Luna crypto library name you added earlier. The Authentication Code corresponds to the Luna HSM Crypto Officer password." so I should be on the right track.
If I use ckdemo and try to log on as the security/crypto user, then that fails, but with a different error (vendor-specific CKR_INVALID_ENTRY_TYPE) due to PED authentication.
Has anyone seen this type of behaviour? Seems pretty basic, but for the life of me I can't see what's going wrong.
I'm using the latest docker image of ejbca here: https://hub.docker.com/r/keyfactor/ejbca-ce
Trace:
ejbca-ce | 2025-02-14 15:34:01,746+0000 DEBUG [org.ejbca.ui.web.admin.BaseManagedBean] (default task-2) Exception occurred in Admin Web interface, adding error message: com.keyfactor.util.keys.token.CryptoTokenAuthenticationFailedException: Failed to initialize PKCS11 provider slot 'test03'.
ejbca-ce | at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.activate(PKCS11CryptoToken.java:166)
ejbca-ce | at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:411)
ejbca-ce | at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:457)
ejbca-ce | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ejbca-ce | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
ejbca-ce | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
ejbca-ce | at java.base/java.lang.reflect.Method.invoke(Unknown Source)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:35)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
ejbca-ce | at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:62)
ejbca-ce | at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:72)
ejbca-ce | at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:85)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:46)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:26)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:30)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:28)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:35)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:34)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:39)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:237)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:373)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:143)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
ejbca-ce | at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:78)
ejbca-ce | at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:72)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:24)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:30)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:56)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:27)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:27)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:47)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:50)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:33)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
ejbca-ce | at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
ejbca-ce | at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:181)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:174)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.security.IdentityInterceptor.lambda$processInvocation$0(IdentityInterceptor.java:30)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:421)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.Scoped.runAsSupplierEx(Scoped.java:229)
ejbca-ce | at [email protected]//org.jboss.as.ejb3.security.IdentityInterceptor.processInvocation(IdentityInterceptor.java:30)
ejbca-ce | at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
ejbca-ce | at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
ejbca-ce | at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:64)
ejbca-ce | at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keys.token.CryptoTokenManagementSessionLocal$$$view49.createCryptoToken(Unknown Source)
ejbca-ce | at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.saveCurrentCryptoToken(CryptoTokenMBean.java:1212)
ejbca-ce | at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.saveCurrentCryptoTokenWithCheck(CryptoTokenMBean.java:1049)
ejbca-ce | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ejbca-ce | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
ejbca-ce | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
ejbca-ce | at java.base/java.lang.reflect.Method.invoke(Unknown Source)
ejbca-ce | at [email protected]//org.glassfish.expressly.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:186)
ejbca-ce | at [email protected]//org.glassfish.expressly.parser.AstValue.invoke(AstValue.java:253)
ejbca-ce | at [email protected]//org.glassfish.expressly.MethodExpressionImpl.invoke(MethodExpressionImpl.java:248)
ejbca-ce | at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
ejbca-ce | at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
ejbca-ce | at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:70)
ejbca-ce | at [email protected]//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:74)
ejbca-ce | at [email protected]//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:62)
ejbca-ce | at [email protected]//jakarta.faces.component.UICommand.broadcast(UICommand.java:205)
ejbca-ce | at [email protected]//jakarta.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:858)
ejbca-ce | at [email protected]//jakarta.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1332)
ejbca-ce | at [email protected]//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:56)
ejbca-ce | at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:72)
ejbca-ce | at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:131)
ejbca-ce | at [email protected]//jakarta.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:691)
ejbca-ce | at [email protected]//jakarta.faces.webapp.FacesServlet.service(FacesServlet.java:449)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
ejbca-ce | at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
ejbca-ce | at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
ejbca-ce | at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:151)
ejbca-ce | at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
ejbca-ce | at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
ejbca-ce | at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
ejbca-ce | at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
ejbca-ce | at [email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
ejbca-ce | at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
ejbca-ce | at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
ejbca-ce | at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
ejbca-ce | at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:60)
ejbca-ce | at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
ejbca-ce | at org.wildfly.security.elytron-web.undertow-server-servlet@4.1.0.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
ejbca-ce | at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:44)
ejbca-ce | at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:51)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
ejbca-ce | at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
ejbca-ce | at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
ejbca-ce | at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
ejbca-ce | at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
ejbca-ce | at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101)
ejbca-ce | at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
ejbca-ce | at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
ejbca-ce | at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
ejbca-ce | at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
ejbca-ce | at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
ejbca-ce | at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
ejbca-ce | at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
ejbca-ce | at java.base/java.lang.Thread.run(Unknown Source)
ejbca-ce | Caused by: java.io.IOException: load failed
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineLoad(Unknown Source)
ejbca-ce | at java.base/java.security.KeyStore.load(Unknown Source)
ejbca-ce | at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.createKeyStore(PKCS11CryptoToken.java:203)
ejbca-ce | at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.activate(PKCS11CryptoToken.java:162)
ejbca-ce | ... 150 more
ejbca-ce | Caused by: java.security.UnrecoverableKeyException
ejbca-ce | ... 154 more
ejbca-ce | Caused by: javax.security.auth.login.FailedLoginException
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.login(Unknown Source)
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.login(Unknown Source)
ejbca-ce | ... 154 more
ejbca-ce | Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
ejbca-ce | ... 156 more
ejbca-ce |
Chrystoki.conf looks like this:
Chrystoki2 = {
LibUNIX = /usr/safenet/lunaclient/lib/libCryptoki2.so
LibUNIX64 = /usr/safenet/lunaclient/lib/libCryptoki2_64.so
}
Luna = {
DefaultTimeOut = 500000;
PEDTimeout1 = 100000;
PEDTimeout2 = 200000;
PEDTimeout3 = 20000;
KeypairGenTimeOut = 2700000;
CloningCommandTimeOut = 300000;
CommandTimeOutPedSet = 720000;
}
CardReader = {
RemoteCommand = 1;
}
Misc = {
PE1746Enabled = 0;
ValidateHost = 0;
ToolsDir = /usr/safenet/lunaclient/bin;
PartitionPolicyTemplatePath = /usr/safenet/lunaclient/data/partition_policy_templates;
ProtectedAuthenticationPathFlagStatus = 0;
MutexFolder = /usr/safenet/lunaclient/lock;
PluginModuleDir = /usr/safenet/lunaclient/plugins;
}
LunaSA Client = {
ReceiveTimeout = 20000;
SSLConfigFile = /usr/safenet/lunaclient/bin/openssl.cnf;
ClientPrivKeyFile = /usr/safenet/lunaclient/cert/client/192.168.10.65Key.pem;
ClientCertFile = /usr/safenet/lunaclient/cert/client/192.168.10.65.pem;
ServerCAFile = /usr/safenet/lunaclient/cert/server/CAFile.pem;
NetClient = 1;
TCPKeepAlive = 1;
ServerName00 = ;
ServerPort00 = 1792;
ServerHtl00 = 0;
}
Secure Trusted Channel = {
SoftTokenDir = /usr/safenet/lunaclient/configData/token;
ClientIdentitiesDir = /usr/safenet/lunaclient/data/client_identities;
PartitionIdentitiesDir = /usr/safenet/lunaclient/data/partition_identities;
ClientTokenLib = /usr/safenet/lunaclient/lib/libSoftToken.so;
}
VirtualToken = {
VirtualToken00Label = myha;
VirtualToken00SN = 11374107993610;
VirtualToken00Members = 1374107993610,1374107993609,1374107993608;
VirtualTokenActiveRecovery = activeEnhanced;
}
HASynchronize = {
myha = 1;
}
HAConfiguration = {
haLogStatus = enabled;
HAOnly = 0;
reconnAtt = 60;
haLogPath = /hsm/safenet/lunaclient/HAlog;
}
CkLog2 = {
Enabled = 1;
NewFormat = 1;
File = /tmp/cklog.txt;
FileSize = 100;
Error = /tmp/error.txt;
LibUNIX = /usr/safenet/lunaclient/lib/libCryptoki2.so;
LibUNIX64 = /usr/safenet/lunaclient/lib/libCryptoki2_64.so;
}
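A triage helper for the trace in the post above, added here as an example and not part of the original post or of EJBCA: it strips the container prefix, walks the `Caused by:` chain and reports which Cryptoki call returned which `CKR_` code and which Java method issued it. The function names are hypothetical and the sample is a constructed, shortened copy of the posted trace.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a shortened copy of the trace posted above.
SAMPLE_TRACE = """\
ejbca-ce | 2025-02-14 15:34:01,746+0000 DEBUG [org.ejbca.ui.web.admin.BaseManagedBean] (default task-2) Exception occurred in Admin Web interface, adding error message: com.keyfactor.util.keys.token.CryptoTokenAuthenticationFailedException: Failed to initialize PKCS11 provider slot 'test03'.
ejbca-ce | at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.activate(PKCS11CryptoToken.java:166)
ejbca-ce | Caused by: java.io.IOException: load failed
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineLoad(Unknown Source)
ejbca-ce | ... 150 more
ejbca-ce | Caused by: java.security.UnrecoverableKeyException
ejbca-ce | ... 154 more
ejbca-ce | Caused by: javax.security.auth.login.FailedLoginException
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.login(Unknown Source)
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.login(Unknown Source)
ejbca-ce | ... 154 more
ejbca-ce | Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
ejbca-ce | at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
ejbca-ce | ... 156 more
ejbca-ce |
"""

PREFIX = re.compile(r"^\S+\s*\|\s?")  # docker compose "container | " prefix
CAUSED = re.compile(r"^Caused by:\s*([\w.$]+)(?::\s*(.*))?$")
HEAD = re.compile(r"([A-Za-z_][\w.$]*\.[\w$]*(?:Exception|Error))(?::\s*(.*))?$")
FRAME = re.compile(r"^at\s+(?:.*/)?([\w.$<>]+)\(")  # drops "module@version//"


@dataclass
class Link:
    exception: str
    message: str
    frames: List[str] = field(default_factory=list)


def parse_cause_chain(text: str) -> List[Link]:
    """Split a Java stack trace into its exception links, outermost first."""
    chain: List[Link] = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line or line.startswith("..."):  # blank or "... N more"
            continue
        match = CAUSED.match(line)
        if match is None and not chain:
            # The first link is embedded at the end of an ordinary log line.
            match = HEAD.search(line)
        if match and not line.startswith("at "):
            chain.append(Link(match.group(1), match.group(2) or ""))
            continue
        frame = FRAME.match(line)
        if frame and chain:
            chain[-1].frames.append(frame.group(1))
    return chain


def pkcs11_root_cause(chain: List[Link]) -> Optional[dict]:
    """Return the CKR_ code, the Cryptoki function and its Java caller."""
    if not chain:
        return None
    root = chain[-1]
    rv = re.search(r"\bCKR_[A-Z0-9_]+\b", root.message)
    if rv is None:
        return None  # root cause is not a PKCS#11 return value
    methods = (f.rsplit(".", 1)[-1] for f in root.frames)
    function = next((m for m in methods if m.startswith("C_")), None)
    # Nearest enclosing link that still has frames shows who made the call.
    caller = next((l.frames[0] for l in reversed(chain[:-1]) if l.frames), None)
    return {"rv": rv.group(0), "function": function, "caller": caller}


if __name__ == "__main__":
    for link in parse_cause_chain(SAMPLE_TRACE):
        print(link.exception, "|", link.message)
    print(pkcs11_root_cause(parse_cause_chain(SAMPLE_TRACE)))
```

On the posted trace this separates the token's answer to `C_Login` from the surrounding application-server frames.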