I ran a few tests with my own CAC card and when I do the following: certutil -L -d ./ -h COOLKEYThe -h specifies the module. It might be instructive to see what your stunnel code is doing. Is it referencing the module?
It always prompts me like this: Enter Password for Pin for "MAGNE.JACK.XXXXXXX": Here I type in the PIN for the smart card itself. As a result it shows a list of Certs on the card.When trying to list a particular certificate , certutil has a -n cert-name option which is the nickname of the cert as printed by certutil.
First try to simply have certutil print out your certificate on the screen. Once you have the name right, you should be good.
Matt Anderson wrote:
Robert Relyea wrote:Sounds like stunnel isn't loading the pkcs #11 module. Do you know where stunnel is opening it's certDB?I'm not sure. I added a database option to my stunnel.conf file and if I reference a certificate I've loaded in that database stunnel is able to find and use that. How could I tell which certDB its using?One thing I'm still not clear on is what name to use when referencing the certificate. Should I be using the name that coolkey prompts me to enter the PIN for, "Matt R Anderson", the name that shows up in the certutil output, "Matt R Anderson:CAC ID Certificate". Another option could be that I should use the module name, "CoolKey".-matt
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel