CAC modules
Mike Miller
mtmiller at ieee.org
Mon Jul 16 15:26:21 EDT 2012
On Mon, Jul 16, 2012 at 1:17 PM, Mcclelland, Michael B Mr CTR USN USA wrote:
> I've almost got things working on Ubuntu but I'm having the same issue
> I did under fedora with the tokens being visible via p11tool but the
> Openconnect client not being able to pull them. LIBGNUTLS28-DEV is
> installed.
Are you installing binaries from my PPA now or are you still building
from source? Are you still working with 4.04 or have you switched to
4.05 since that was released?
> view at view-virtual-machine:~$ sudo p11tool --list-certs --login
> [...]
> view at view-virtual-machine:~$ openconnect -c 'pkcs11:token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate' https://server.domain
> Attempting to connect to 198.253.24.115:443
> Failed to open certificate file pkcs11:token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate: No such file or directory
> Loading certificate failed. Aborting.
> Failed to open HTTPS connection to server.domain
> Failed to obtain WebVPN cookie
This looks like OpenConnect is using OpenSSL for the certificate
argument rather than GnuTLS. What does 'openconnect --version' display?
--
mike
More information about the openconnect-devel
mailing list