CAC modules

David Woodhouse dwmw2 at
Wed Jul 11 17:27:37 EDT 2012

On Wed, 2012-07-11 at 16:35 -0400, Mcclelland, Michael B Mr CTR USN USA
> So if I understand you right...
>  out of the full: 
> pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;object-type=private
> I just use
> Pkcs11: CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00
> Sorry for asking to be spoon fed.  I have very limited attempts to login before my card locks itself

It doesn't *hurt* to use the whole thing, but you ought to get away with
just pkcs11:id=%00%03;object=CAC%20Email%20Encryption%20Certificate

Hopefully your token shouldn't lock you out just for using an object
that doesn't exist; only if you get the PIN wrong?
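
Splitting the full URI from the question into its attributes shows that the shorter form in the reply carries the same `id` and `object` values. This is an added example, not part of the original message or of OpenConnect: `parse_pkcs11_uri` and `reduce_uri` are hypothetical helper names, the token value is a constructed placeholder, and only the path attributes of the URI are handled.

```python
from urllib.parse import quote_from_bytes, unquote_to_bytes

# Full URI as quoted in the message above (token value replaced by a
# constructed placeholder).
FULL_URI = (
    "pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module"
    "%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;"
    "model=%20;manufacturer=%20;serial=%20;"
    "token=EXAMPLE.TOKEN.LABEL;id=%00%03;"
    "object=CAC%20Email%20Encryption%20Certificate;object-type=private"
)
# Reduced form suggested in the reply.
SHORT_URI = "pkcs11:id=%00%03;object=CAC%20Email%20Encryption%20Certificate"


def parse_pkcs11_uri(uri):
    """Return {attribute: raw bytes} for the path part of a PKCS#11 URI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.partition("?")[0]  # query attributes are ignored here
    attrs = {}
    for component in filter(None, path.split(";")):
        name, eq, value = component.partition("=")
        # Every component must be attr=value with no raw whitespace.
        if not eq or not name or any(c.isspace() for c in component):
            raise ValueError(f"malformed component: {component!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute: {name}")
        attrs[name] = unquote_to_bytes(value)  # id is binary, so keep bytes
    return attrs


def reduce_uri(uri, keep=("id", "object")):
    """Rebuild a URI holding only the attributes named in `keep`."""
    attrs = parse_pkcs11_uri(uri)
    missing = [k for k in keep if k not in attrs]
    if missing:
        raise ValueError(f"URI lacks attributes: {missing}")
    # safe="" percent-encodes every byte outside the unreserved set.
    return "pkcs11:" + ";".join(
        f"{k}={quote_from_bytes(attrs[k], safe='')}" for k in keep
    )


if __name__ == "__main__":
    print(reduce_uri(FULL_URI))
```

The check runs entirely offline on the string, so it never talks to the card and cannot consume a PIN attempt.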

More information about the openconnect-devel mailing list