Re: Openssl + engine_pkcs11: How to Sign a CSR?

Martin Heyer a écrit :
> Hello,
>
> I managed to get my Cryptoflex running with OpenCT +
OpenSC.
> The engine_pkcs11 for OpenSSL works, too.
>
> openssl req -config openssl.conf -engine pkcs11 -new
-key id_45 
>         -keyform engine -out req.pem -text -x509
>
> (together with the default config file from the docs)
>
> Now on the smartcard there is a keypair and I would
like to sign a CSR
> with it. But when I use ca instead of req in OpenSSL it
complains
> about the format:
>
> openssl ca -verbose -engine pkcs11 -keyform engine -key
id_45 -days 1000
> -out $1.crt -in $1.csr -config openssl.conf
>
>   
Hi Martin,

Your -key id_45 is the culprit. Use -keyfile instead.

Cheers,

Jean-Pierre
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Am Freitag, den 24.08.2007, 10:12 +0200 schrieb Jean-Pierre
Szikora:
> Hi Martin,
> 
> Your -key id_45 is the culprit. Use -keyfile instead.
> 
Oh, thats it. Now it works. 

Thank you very much.

The error message didn't really help me 

Best regards,

Martin

_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user