read cert from smart card

David Woodhouse dwmw2 at
Thu Feb 25 04:00:33 PST 2016

On Thu, 2016-02-25 at 13:39 +0200, Mithat Bozkurt wrote:
> BTW I am getting e-mail with subject is " Your message to p11-glue
> awaits moderator approval" from p11-glue.

It might be one of those horrid lists which require you to subscribe
before you post to it.

Or maybe it just hates you for top-posting. :)

> Do I remove the p11-glue from recipients or remain same?

Let's drop it. I think the interesting part for now is in p11tool
(which is part of GnuTLS and hence Nikos' problem) rather than p11-kit

Try extracting your cert with OpenSC's pkcs11-tool instead:

  pkcs11-tool -module /usr/lib/ -l -a 62917107586NES0 -y cert -r -o nescert.der
  openssl x509 -inform DER -in nescert.der -noout -text

When that doesn't work, install the pkcs11-spy module (which on Fedora
would be /usr/lib64/pkcs11/ Then:

 export PKCS11SPY=/usr/lib/

and repeat the p11tool/pkcs11-tool invocations to extract the cert, but
using as the provider instead of (directly) using the
akis module. Show the full output of those commands.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list