pki
Could not read CA private key from org.openssl.engine:pkcs11:slot_0-id_2
After ensuring the opensc-pkcs11 library is updated to 0.24 - openssl (v3) doesn't seem to work with this integration. Keen to explore if it's something I've done wrong or genuinely a problem with the latest versions of OpenSSL.
./scripts/yk-sign-int.sh CA INT_CA
Signing intermediate certificate: CA/CA.crt with CA/INT_CA.crt
Engine "pkcs11" set.
Certificate request self-signature ok
subject=C = HK, ST = HK, O = ORG, OU = Security, CN = CA
The private key was not found on slot 0
The private key was not found on slot 0
The private key was not found at: slot_0-id_2
PKCS11_get_private_key returned NULL
Could not read CA private key from org.openssl.engine:pkcs11:slot_0-id_2
:error:40000065:pkcs11 engine:ERR_ENG_error:object not found:eng_back.c:887:
:error:13000080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:79:
interesting, it's been a while since i've looked at this but there's a bit of tomfoolery related to the uses of each slot. did the steps up to signing an intermediate (particularly yk-load.sh to get the certificate and key loaded onto the CA yubikey) work? and does ykman piv info show the CA certificate and key as loaded?