SSL connection failure: PKCS #11 error

Grant Williamson traxtopel at
Wed Mar 6 03:44:58 PST 2024

I am attempting to transition our existing environment of signed
Digicert certificates from RSA-4096 to ECC256. The digicert one
signing process appears to work.
When using a software-emulated TPM, the connection is successful.

When I try a hardware TPM (3 laptops), I encounter the following problem:
ERROR: Esys_Sign: tpm:parameter(1):structure is the wrong size
SSL connection failure: PKCS #11 error.

I have tried generating the CSR to be signed using both tpm2-openssl
and pkcs11-provider, same result.

Maybe the following gives a clue. Any ideas?
(openconnect with --gnutls-debug=99 -v)

