I'm still trying to use Coolkey for remote access as in
only now I've switched from OpenSSL stunnel to NSS based stunnel
(stunnel-5.0-alpha1). I've got a local NSS db in ~/.nssdb which I've
already used modutil to populate:
[mra@orb ~]$ modutil -add "coolkey" -libfile /usr/lib/pkcs11/libcoolkeypk11.so -dbdir ~/.nssdb
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:
Module "coolkey" added to database.
[mra@orb ~]$ certutil -L -d ~/.nssdb -h all
Certificate Nickname                        Trust
Enter Password or Pin for "Matt R Anderson": <Here I enter my CAC pin>
Matt R Anderson:CAC ID Certificate          u,u,u
From there I've set myself up with this stunnel.conf file:
debug = debug
foreground = yes
pid = /home/mra/stunnel.pid
database = /home/mra/.nssdb
client = yes
cert = "Matt R Anderson"
accept = localhost:8080
connect = http.access.hp.com:443
However when I run `stunnel ~/stunnel.conf` I get this error:
2008.08.18 17:35:55 LOG7[31548:154748240]: Snagged 64 random bytes from
2008.08.18 17:35:55 LOG7[31548:154748240]: PRNG seeded successfully
2008.08.18 17:35:55 LOG7[31548:154748240]: Certificate: "Matt R Anderson"
2008.08.18 17:35:55 LOG3[31548:154748240]: PK11_FindCertFromNickname: Unknown code ___f 18(-8174,0)
2008.08.18 17:35:55 LOG3[31548:154748240]: Error reading certificate: "Matt R Anderson"
When I run certutil I get prompted for a pin, but that doesn't happen
when I try to use the token via stunnel. Am I referencing the CAC token
correctly? Any suggestions?
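
An added example, not part of the original post: a check that compares the `cert` value in a stunnel.conf against the nicknames `certutil -L -h all` reports, and flags a value that names only the token. The function names and sample inputs are constructed for illustration, and it assumes the `cert` string is handed unchanged to PK11_FindCertFromNickname, as the log above suggests; whether this stunnel build accepts the full "token:nickname" form is not confirmed by the post.

```python
import re

# Constructed inputs, modelled on the certutil listing and stunnel.conf in the post.
CERTUTIL_LISTING = """\
Certificate Nickname                        Trust
Matt R Anderson:CAC ID Certificate          u,u,u
"""
STUNNEL_CONF = """\
database = /home/mra/.nssdb
client = yes
cert = "Matt R Anderson"
"""

# A certificate row ends in a trust triple such as "u,u,u" or ",,".
ROW_RE = re.compile(r"^(?P<nick>.*\S)\s+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$")

def parse_nicknames(listing):
    """Nicknames from `certutil -L` output; header and prompt lines are skipped."""
    rows = (ROW_RE.match(line.strip()) for line in listing.splitlines())
    return [m.group("nick") for m in rows if m]

def conf_value(conf, key):
    """Unquoted value of the first `key = value` line, or None if absent."""
    for line in conf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value.strip().strip('"')
    return None

def check_cert_setting(conf, listing):
    """Classify the configured `cert` value against the nicknames NSS lists."""
    cert = conf_value(conf, "cert")
    nicks = parse_nicknames(listing)
    if cert is None:
        return ("missing", [])
    if cert in nicks:
        return ("exact", [cert])
    # Token-resident certificates are listed as "<token name>:<nickname>".
    on_token = [n for n in nicks if ":" in n and n.split(":", 1)[0] == cert]
    if on_token:
        return ("token-name-only", on_token)
    return ("no-match", nicks)

if __name__ == "__main__":
    status, candidates = check_cert_setting(STUNNEL_CONF, CERTUTIL_LISTING)
    print(status, candidates)
```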