Troubleshooting | Utimaco Integration Guides

Error	Diagnosis
openssl engine pkcs11 -v FATAL: Startup failure (dev note: apps_startup()) for openssl 00219D7BFB7F0000:error:13000091:engine routines:dynamic_load:version incompatibility:crypto/engine/eng_dyn.c:481: 00219D7BFB7F0000:error:13000066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:139:section=pkcs11_section, name=dynamic_path,value=/usr/local/libp11/lib/pkcs11.so 00219D7BFB7F0000:error:0700006D:configuration file routines:module_run:module initializationerror:crypto/conf/conf_mod.c:270:module=engines,value=engine_section retcode=-1	Version incompatibility found on RHEL 8 and on RHEL 9 it successfully worked
openssl req -engine pkcs11 -new -key "pkcs11:token=FedoraCert;object= CertKey1" -keyform engine -out TestRSACSR.csr Engine "pkcs11" set. Enter PKCS#11 token PIN for FedoraCert: The private key was not found at: pkcs11:token=FedoraCert;object= CertKey1 PKCS11_get_private_key returned NULL Could not read private key from org.openssl.engine:pkcs11:pkcs11:token=FedoraCert;object= CertKey1 002EBC7E1E7F0000:error:40000065:pkcs11 engine:ERR_ENG_error:object not found:eng_back.c:887: 002EBC7E1E7F0000:error:13000080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:79: Segmentationfault(coredumped)	Check Key exist on the slot and provide correct key name
11.01.2023 11:18:37.059 \| [00016138:00016138] open_plugin \| I: Opening KeyStorePlugin 'Ephemeral Storage' (config: ) 11.01.2023 11:18:37.059 \| [00016138:00016138] set_default_plugin_id \| I: Set new default KeyStorePlugin 'Internal Storage' 11.01.2023 11:18:37.059 \| [00016138:00016138] exec_loadbalanced \| W: HSM::ConnectionException(Error::NO_DEVICE_AVAILABLE = 0xbe000007) thrown in select_device Error::NO_DEVICE_AVAILABLE 11.01.2023 11:18:37.059 \| [00016138:00016138] enter_failover \| I: Entering failover mode (fallback interval: 0 seconds) 11.01.2023 11:18:37.059 \| [00016138:00016138] exec_distributed \| W: HSM::ConnectionException(Error::NO_DEVICE_AVAILABLE = 0xbe000007)throwninexec_failoverError::NO_DEVICE_AVAILABLE 11.01.2023 11:18:37.059 \| [00016138:00016138] reconnect_failed_devices \| W: Reconnection attempt failed:Utimaco::HSM::ConnectionException(error_code=0xb901306f)	Make the changes in keystorage section in cs_pkcs11.cfg file and check that the HSM device is running up and reachable from the host.

Error

Diagnosis

openssl engine pkcs11 -v

FATAL: Startup failure (dev note: apps_startup()) for openssl 00219D7BFB7F0000:error:13000091:engine

routines:dynamic_load:version incompatibility:crypto/engine/eng_dyn.c:481: 00219D7BFB7F0000:error:13000066:engine

routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:139:section=pkcs11_section, name=dynamic_path,value=/usr/local/libp11/lib/pkcs11.so 00219D7BFB7F0000:error:0700006D:configuration file routines:module_run:module initializationerror:crypto/conf/conf_mod.c:270:module=engines,value=engine_section retcode=-1

Version incompatibility found on RHEL 8 and on RHEL 9 it successfully worked

openssl req -engine pkcs11 -new -key "pkcs11:token=FedoraCert;object= CertKey1" -keyform engine -out TestRSACSR.csr

Engine "pkcs11" set.

Enter PKCS#11 token PIN for FedoraCert:

The private key was not found at: pkcs11:token=FedoraCert;object= CertKey1

PKCS11_get_private_key returned NULL Could not read private key from

org.openssl.engine:pkcs11:pkcs11:token=FedoraCert;object= CertKey1

002EBC7E1E7F0000:error:40000065:pkcs11

engine:ERR_ENG_error:object not found:eng_back.c:887: 002EBC7E1E7F0000:error:13000080:engine

routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:79:

Segmentationfault(coredumped)

Check Key exist on the slot and provide correct key name

11.01.2023 11:18:37.059 | [00016138:00016138] open_plugin

| I: Opening KeyStorePlugin 'Ephemeral Storage' (config: )

11.01.2023 11:18:37.059 | [00016138:00016138] set_default_plugin_id

| I: Set new default KeyStorePlugin 'Internal Storage'

11.01.2023 11:18:37.059 | [00016138:00016138] exec_loadbalanced

| W: HSM::ConnectionException(Error::NO_DEVICE_AVAILABLE = 0xbe000007) thrown in select_device Error::NO_DEVICE_AVAILABLE 11.01.2023 11:18:37.059 | [00016138:00016138] enter_failover

| I: Entering failover mode (fallback interval: 0 seconds) 11.01.2023 11:18:37.059 | [00016138:00016138] exec_distributed

| W: HSM::ConnectionException(Error::NO_DEVICE_AVAILABLE =

0xbe000007)throwninexec_failoverError::NO_DEVICE_AVAILABLE

11.01.2023 11:18:37.059 | [00016138:00016138]

reconnect_failed_devices | W: Reconnection attempt failed:Utimaco::HSM::ConnectionException(error_code=0xb901306f)

Make the changes in keystorage section in cs_pkcs11.cfg file and check that the HSM device is running up and reachable from the host.

Table 6: List of Error and its Diagnosis