[BUG] Crypto token is offline: org.signserver.common.SignServerException: Failed to initialize crypto token: SHAREDLIBRARYNAME YubiHSM2 is not referring to a defined value

[daniel123-sudo]

Describe the Bug

A clear and concise description of what the bug is.

I deployed Signserver CE container with cryptotoken configuration point to YubiHSM2 library.
SHAREDLIBRARYNAME = YubiHSM2

But i received errors that only SHAREDLIBRARYNAME YubiHSM2 is not referring to a defined value. Available library names: PKCS11 Spy

I defined YubiHSM2 library in file signserver/conf/signserver_deploy.properties as below

To Reproduce

Steps to reproduce the behavior:

1. Create file pkcs11-crypto-configuragtion.properties with following contents

WORKER1.ATTRIBUTES=attributes(generate,CKO_PUBLIC_KEY,) = {\n CKA_TOKEN = false\n CKA_ENCRYPT = false\n CKA_VERIFY = true\n CKA_WRAP = false\n}\nattributes(generate, CKO_PRIVATE_KEY,) = {\n CKA_TOKEN = true\n CKA_PRIVATE = true\n CKA_SENSITIVE = true\n CKA_EXTRACTABLE = false\n CKA_DECRYPT = false\n CKA_SIGN = true\n CKA_UNWRAP = false\n}
WORKER1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
WORKER1.TYPE=CRYPTO_WORKER
WORKER1.NAME=CryptoTokenP11
WORKER1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
WORKER1.SHAREDLIBRARYNAME=YubiHSM2
WORKER1.SLOTLABELVALUE=0
WORKER1.SLOTLABELTYPE=SLOT_NUMBER
WORKER1.DEFAULTKEY=testkey

2. Set properties and reload configuration
   [root@signserver1 keyfactor]# bin/signserver setproperties pkcs11-crypto-configuragtion.properties

bin/signserver reload 1

3. Active cryptotoken

bin/signserver activatecryptotoken 1

Expected Behavior

Successfully activate crypto token with SHAREDLIBRARYNAME point to YubiHSM2

Screenshots and Logs

If applicable, add screenshots and logs to help explain your problem.

Product Deployment

Please complete the following information:

• Deployment format: container]
• Version 6.3.0

Additional Context

Add any other context about the problem here.

[mlundblad]

Hi!

When using the container I think you will need to mount in the path of the shared library so that it's "visible" inside the container.

I think the path /usr/lib/x86.64-1inux-gnu/pkes11/yubihsm_pkcs11.so refers to the file system on the host, so this library would then need to be "mounted" into the container.

[netmackan]

I'm converting this to a discussion as it looks more like a configuration issue.