Breadcrumbs

Troubleshooting

Error

Diagnosis

Error:NO_DEVICE_AVAILABLE

  1. Ensure that the environment variable CS_PKCS11_R3_CFG correctly points to a valid cs_pkcs11_R3.cfg file.

  2. Verify that the cs_pkcs11_R3.cfg file has a valid Device entry, and points to existing CryptoServer instances.

Error: Failed to attach external HSM client library. Please check if you specified the vendor provided PKCS#11 library path correctly

  1. Verify whether the correct path to PKCS#11 library path is specified.

  2. Verify if the cs_pkcs11_R3.cfg file is available under /etc/utimaco folder.

  3. Verify if the cs_pkcs11_R3.cfg file configurations are correct.

LoginUser= failed: 05.12.2021 23:45:45

src/p11adm_R2.c[429] p11_login: C_Login [type=1] returned Error 0x00000102 (CKR_USER_PIN_NOT_INITIALIZED)

PKCS#11 slot is not initialized.

Error:Slot 0000 0000: p11cat.P11.getAuthState(Native Method): CS_GetSessionInfo returned Error 0x00000030 (CKR_DEVICE_ERROR)

  1. Verify HSM services are up and running.

  2. Check the cs_pkcs11_R3.cfg file has correct IP entry.

Keystore generation error

keytool error: java.io.IOException: load failed

Verify if pkcs11.cfg has been added proper slot entry which we have initialized.

Keytool command thrown ProviderException : Initialization failed

keytool error: java.security.ProviderException: Initialization failed :

The ProviderException means that the linking configuration file (pkcs11.cfg) is wrong in some way. (.so/.dll not found or not accessible, etc). If the environment configuration file (pointed to by CS_PKCS11_R3_CFG) has an invalid Device line, (NO_DEVICE_AVAILABLE).

keytool command shows exception as java.security.NoSuchProviderException: no such provider: SunPKCS11-CryptoServer.

  1. Make sure java.security file located at

<JDK_Installation_directory>/Jre/lib/Security has entry for utimaco provider entry: security.provider.<index>=sun.security.pkcs11.SunPKCS11

<path to pkcs11.cfg>

  1. Check that the pkcs11.cfg is correctly formatted and syntactically correct.

  2. Verify that the pkcs11.cfg name field is set to "CryptoServer".

List of Errors and their Diagnoses