000023967 - Installation of RSA Key Manager with a netHSM

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000023967
Applies To: RSA Key Manager Server 2.0.2, WebSphere 6.0.2, netHSM
Issue

RSA Key Manager Server 2.0.2 Error


An unexpected error has occurred. Click Show Detail for more information. Contact your System Administrator for assistance.
com.ncipher.provider.nCBadStateException: The card in the slot is an administrator card.
com.ncipher.provider.nCBadStateException: The card in the slot is an administrator card.
    at com.ncipher.provider.km.nCipherKM.getCardSet(nCipherKM.java:594)
    at com.ncipher.provider.km.nCipherKM.generateKey(nCipherKM.java:367)
    at com.ncipher.provider.km.KMRijndaelKeyGenerator.engineGenerateKey(KMRijndaelKeyGenerator.java:50)
    at javax.crypto.KeyGenerator.generateKey(Unknown Source)
    at com.rsa.kms.crypto.operation.DefaultCryptoOperations.generateKey(DashoA10*..:98)
    at com.rsa.kms.crypto.provider.DefaultProviderEnforcer.a(DashoA10*..:110)
    at com.rsa.kms.crypto.provider.DefaultProviderEnforcer.enforce(DashoA10*..:71)
    at com.rsa.kms.init.DefaultInitialiser.d(DashoA10*..:105)
    at com.rsa.kms.init.DefaultInitialiser.getSecurityConfiguration(DashoA10*..:51)
    at com.rsa.kms.crypto.operation.DefaultCryptoOperationsWirer.a(DashoA10*..:28)
    at com.rsa.kms.crypto.operation.DefaultCryptoOperationsWirer.get(DashoA10*..:22)
    at com.rsa.kms.keystore.hsm.DefaultHsmKeyStoreWirer.get(DashoA10*..:35)
    at com.rsa.kms.keystore.core.DefaultKeyStoreFactory.f(DashoA10*..:67)
    at com.rsa.kms.keystore.core.DefaultKeyStoreFactory.b(DashoA10*..:46)
    at com.rsa.kms.keystore.core.DefaultKeyStoreFactory.a(DashoA10*..:36)
    at com.rsa.kms.keystore.core.DefaultKeyStoreFactory.get(DashoA10*..:31)
    at com.ibm._jsp._main._jspService(_main.java:380)
    at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:88)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1282)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1239)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:136)
    at com.rsa.kms.transport.filter.InputSanitizer.doFilter(DashoA10*..:84)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:142)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:121)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:82)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:670)
    at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:117)
    at com.ibm.ws.jsp.webcontainerext.JSPExtensionServletWrapper.handleRequest(JSPExtensionServletWrapper.java:178)
    at com.ibm.ws.jsp.webcontainerext.JSPExtensionProcessor.handleRequest(JSPExtensionProcessor.java:241)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:2905)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:220)
    at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:204)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1829)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:84)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:469)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:408)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:101)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:566)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:619)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:952)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1039)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Cause

An nCipher netHSM device uses two different types of smart card. Administrator cards authorize access to the device itself, allowing reconfiguration and other administrative tasks. The other type is a card from an Operator Card Set (OCS), which enables specific crypto features relating to a SecureWorld configuration.

For standard operation (including installation of RSA Key Manager), the correct type of card is a card from an OCS; if an administrator card is left inserted, the above error is displayed in the web browser.
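One way to spot this condition in an application-server log, as an added example (not RSA's or nCipher's code): the script looks for the exception class and message shown above and reports which HSM check failed and which Key Manager call triggered it. The function name `triage` and the sample text (trimmed from the trace above) belong to this example only.

```python
import re

# Exception class and message exactly as they appear in the trace on this page.
ADMIN_CARD = re.compile(
    r"(?P<cls>com\.ncipher\.provider\.nCBadStateException):\s*"
    r"(?P<msg>The card in the slot is an administrator card\.)"
)
# A Java frame is package.Class.method( ; requiring a package keeps
# "ThreadPool.java(Compiled Code)" from being read as a frame.
FRAME = re.compile(r"((?:[\w$]+\.)+[\w$]+)\.([\w$]+)\(")


def triage(log_text):
    """Return a finding dict if the administrator-card error is present, else None."""
    m = ADMIN_CARD.search(log_text)
    if m is None:
        return None
    frames = FRAME.findall(log_text[m.end():])
    # First nCipher provider frame: the HSM-side check that failed.
    hsm = next((f for f in frames if f[0].startswith("com.ncipher.")), None)
    # First com.rsa.kms frame: the Key Manager operation that needed the card.
    app = next((f for f in frames if f[0].startswith("com.rsa.kms.")), None)
    return {
        "exception": m.group("cls"),
        "hsm_check": ".".join(hsm) if hsm else None,
        "triggered_by": ".".join(app) if app else None,
        "frames": len(frames),
        "action": "Remove the administrator card and insert a card from an OCS.",
    }


# Constructed sample: a shortened copy of the trace on this page.
SAMPLE = """\
com.ncipher.provider.nCBadStateException: The card in the slot is an administrator card.
 at com.ncipher.provider.km.nCipherKM.getCardSet(nCipherKM.java:594)
 at com.ncipher.provider.km.nCipherKM.generateKey(nCipherKM.java:367)
 at com.ncipher.provider.km.KMRijndaelKeyGenerator.engineGenerateKey(KMRijndaelKeyGenerator.java:50)
 at javax.crypto.KeyGenerator.generateKey(Unknown Source)
 at com.rsa.kms.crypto.operation.DefaultCryptoOperations.generateKey(DashoA10*..:98)
 at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
"""

if __name__ == "__main__":
    finding = triage(SAMPLE)
    for key, value in finding.items():
        print(f"{key}: {value}")
```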

Resolution

After the netHSM has been configured, ensure that the appropriate card (from an OCS) is inserted into the netHSM before proceeding with the installation and configuration of the RSA Key Manager system.

Workaround

The RSA Key Manager system has just been restarted during part of the installation process.

Legacy Article ID: a36312
