read cert from smart card
David Woodhouse
dwmw2 at infradead.org
Wed Feb 24 07:49:12 PST 2016
On Wed, 2016-02-24 at 15:19 +0200, Mithat Bozkurt wrote:
> I am running on ubuntu
>
> mithat at adige:/etc/pkcs11/modules$ p11tool --export
> 'pkcs11:serial=0036218D34081A32;object=62917107586SIGN0;type=cert' |
> openssl x509 -noout -text
> Error in pkcs11_export:257: The requested data were not available.
> unable to load certificate
That's odd. After p11tool --list-all showed that object:
Object 0:
URL: pkcs11:model=AKIS%20V1.2%00%00%00%00%00%00%00;manufacturer=TUBITAK-UEKAE%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00;serial=0036218D34081A32;token=Akis%00A%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff;id=%fd%90%0c%3b%c4%20%b0%b4%39%f7%1e%fa%02%ef%df%45%50%91%8f%c4;object=62917107586SIGN0;type=cert
Type: X.509 Certificate
Label: 62917107586SIGN0
ID: fd:90:0c:3b:c4:20:b0:b4:39:f7:1e:fa:02:ef:df:45:50:91:8f:c4
... I did kind of expect that 'p11tool --export' would also find it.
Can you try with the *full* URI as cited above, with none of the fields
elided?
Also, just *try* it with OpenConnect (either the simplified of the full
versions, albeit without the ;type= part). It might work there even if
p11tool is being recalcitrant.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160224/b69599c6/attachment.bin>
More information about the openconnect-devel
mailing list