Matt: You can try the following to get some debug info from CoolKey. 1. In the terminal from which you launch your app do: export COOL_KEY_LOG_FILE=/tmp/cool.txt 2. Run your program. 3. After it fails take a look at /tmp/cool.txt, it may have some clues. Matt Anderson wrote:
I'm still trying to use Coolkey for remote access as in https://www.redhat.com/mailman/private/coolkey-devel/2008-March/msg00000.htmlonly now I've switched from OpenSSL stunnel to NSS based stunnel (stunnel-5.0-alpha1). I've got a local NSS db in ~/.nssdb which I've already used modutil to populate:[mra@orb ~]$ modutil -add "coolkey" -libfile /usr/lib/pkcs11/libcoolkeypk11.so -dbdir ~/.nssdbWARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running,you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Module "coolkey" added to database. [mra@orb ~]$ certutil -L -d ~/.nssdb -h all Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Enter Password or Pin for "Matt R Anderson": <Here I enter my CAC pin> Matt R Anderson:CAC ID Certificate u,u,u From there I've set myself up with this stunnel.conf file: debug = debug foreground = yes pid = /home/mra/stunnel.pid database = /home/mra/.nssdb [http] client = yes cert = "Matt R Anderson" accept = localhost:8080 connect = http.access.hp.com:443 However when I run `stunnel ~/stunnel.conf` I get this error:2008.08.18 17:35:55 LOG7[31548:154748240]: Snagged 64 random bytes from /dev/urandom2008.08.18 17:35:55 LOG7[31548:154748240]: PRNG seeded successfully 2008.08.18 17:35:55 LOG7[31548:154748240]: Certificate: "Matt R Anderson"2008.08.18 17:35:55 LOG3[31548:154748240]: PK11_FindCertFromNickname: Unknown code ___f 18(-8174,0) 2008.08.18 17:35:55 LOG3[31548:154748240]: Error reading certificate: "Matt R Anderson"When I run certutil I get prompted for a pin, but that doesn't happen when I try to use the token via stunnel. Am I referencing the CAC token correctly? Any suggestions?-matt _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel