Не удается создать запрос на сертификат (ubuntu 14.10, 15.04)
Делаю так:
root@nastya-MS-7788:~# pkcs11-tool --module /usr/lib/librtpkcs11ecp.so --keypairgen --key-type rsa:2048 -l --id 45
Using slot 0 with a present token (0x0)
Logging in to "hardkey1".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label:
ID: 45
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Public Key Object; RSA 2048 bits
label:
ID: 45
Usage: encrypt, verify, wrap
root@nastya-MS-7788:~# openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/opt/aktivco/rutokenecp/x86_64/librtpkcs11ecp.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/opt/aktivco/rutokenecp/x86_64/librtpkcs11ecp.so
Loaded: (pkcs11) pkcs11 engine
OpenSSL> req -engine pkcs11 -new -key 0:45 -keyform engine -x509 -out cert.pem -text
engine "pkcs11" set.
PKCS#11 token PIN:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AA
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:test
Email Address []:q
140690830747280:error:8000A030:PKCS11 library:PKCS11_rsa_sign:Device error:p11_ops.c:131:
140690830747280:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:a_sign.c:314:
error in req
OpenSSL> На двух разных компах с Убунтой 14.10 и 15.04, результат одинаков.
Из xca тоже самое.
Если без использования librtpkcs11ecp.so с инициализацией через pcsc15-init, то тоже не работает.
В чем может быть проблема?