NetworkManager Openconnect and PKCS11

Grant Williamson traxtopel at gmail.com
Mon Dec 6 04:58:46 PST 2021


Ignore my request; it helps if I set user permissions correctly on
/etc/tpm2_pkcs11/.

On Mon, Dec 6, 2021 at 12:55 PM Grant Williamson <traxtopel at gmail.com> wrote:
>
> Connecting using the command line works.
>
> openconnect --csd-wrapper=/usr/share/ibm-config-NetworkManager-openconnect/csd.sh
> -k "pkcs11:manufacturer=STMicro;serial=0000000000000000;token=label;id=%32%31%66%61%39%32%34%37%34%66%63%39%61%66%61%62;type=private;pin-value=userpin"
> -c 12345-VPN.cer https://myvpn.com
>
> Creating the following profile.
> nmcli connection add type vpn vpn.service-type openconnect con-name
> digicert vpn.data "gateway=myvpn.com, authtype=cert,
> usercert=/home/nl96137/.cisco/certificates/client/12345-VPN.cer,
> userkey=pkcs11:manufacturer=STMicro;serial=0000000000000000;token=label;id=%32%31%66%61%39%32%34%37%34%66%63%39%61%66%61%62;type=private;pin-value=userpin,
> csd_wrapper=/usr/share/ibm-config-NetworkManager-openconnect/csd.sh"
>
> Results in
> Error importing PKCS#11 URL
> pkcs11:manufacturer=STMicro;serial=0000000000000000;token=label;id=%32%31%66%61%39%32%34%37%34%66%63%39%61%66%61%62;type=private;pin-value=userpin.
> The requested PKCS #311 object is not available,
> Loading certificate failed.
>
> Running RHEL 8.5
> NetworkManager-1.32.10
> NetworkManager-openconnect-1.2.6
>
> Any clues to what I am doing wrong?
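
One way to check the permission problem reported at the top of this thread, as an added example that is not part of the original post: it works out from owner, group and mode bits whether a given account can use a tpm2-pkcs11 store. The database file name `tpm2_pkcs11.sqlite3`, the required permission bits and the function names are assumptions of this example; pass the account that actually runs openconnect under NetworkManager, which may differ from your login user.

```shell
#!/bin/sh
# Added example: decide from owner/group/mode bits whether an account can use
# a tpm2-pkcs11 store. ACLs and SELinux labels are not evaluated.
# Requires GNU stat (coreutils), as shipped on RHEL.

# can_access PATH UID "GID LIST" NEED   (NEED is an octal digit: 4=r 2=w 1=x)
# Returns 0 if allowed, 1 if denied, 2 if PATH cannot be stat'ed.
can_access() {
    ca_path=$1; ca_uid=$2; ca_gids=$3; ca_need=$4
    [ "$ca_uid" -eq 0 ] && return 0           # root is not limited by mode bits
    ca_stat=$(stat -c '%a %u %g' "$ca_path" 2>/dev/null) || return 2
    set -- $ca_stat                           # $1=mode $2=owner uid $3=owner gid
    ca_mode=$((0$1))                          # leading 0: parse mode as octal
    if [ "$ca_uid" -eq "$2" ]; then
        ca_bits=$(( (ca_mode >> 6) & 7 ))     # owner class
    elif printf ' %s ' "$ca_gids" | grep -q " $3 "; then
        ca_bits=$(( (ca_mode >> 3) & 7 ))     # group class
    else
        ca_bits=$(( ca_mode & 7 ))            # other class
    fi
    [ $(( ca_bits & ca_need )) -eq "$ca_need" ]
}

# check_store STORE_DIR USER
# Assumed requirements: r-x on the directory, rw- on the SQLite database.
check_store() {
    cs_dir=$1; cs_user=$2; cs_rc=0
    cs_uid=$(id -u "$cs_user" 2>/dev/null) &&
        cs_gids=$(id -G "$cs_user" 2>/dev/null) || return 2
    cs_db=$cs_dir/tpm2_pkcs11.sqlite3         # assumed store file name
    can_access "$cs_dir" "$cs_uid" "$cs_gids" 5 ||
        { echo "FAIL $cs_user lacks r-x on $cs_dir"; cs_rc=1; }
    can_access "$cs_db" "$cs_uid" "$cs_gids" 6 ||
        { echo "FAIL $cs_user lacks rw- on $cs_db"; cs_rc=1; }
    [ "$cs_rc" -eq 0 ] && echo "OK   $cs_user can use $cs_dir"
    return "$cs_rc"
}

# Usage: sh check_store.sh STORE_DIR [USER]   e.g. /etc/tpm2_pkcs11 someuser
if [ "$#" -gt 0 ]; then
    check_store "$1" "${2:-$(id -un)}"
fi
```

A "FAIL" line for the directory or the database points at the kind of permission problem described in the reply; an "OK" result with the error still present suggests looking at ACLs or SELinux instead.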


