Matt Anderson wrote:
Robert Relyea wrote:The name of your coolkey module is "Matt R Anderson" The nickname of your cert is either: "Matt R Anderson:CAC ID Certificate"Ohh.. that worked! When I give certutil the option -h "Matt R Anderson" I only see the certificate on the token. Same thing when I only give it -n "Matt R Anderson:CAC ID Certificate".
Did cerutil -n actually list your certificate, or did it fail?(certutil -L -d /home/mra/.nssdb -n "Matt R Anderson:CAC ID Certificate" should actually print the certificate out).
When I try listing "Matt R Anderson:CAC ID Certificate" as my cert in the stunnel.conf file however I still get the same sort of error.2008.08.20 15:01:31 LOG7[22137:139871568]: Certificate: "Matt R Anderson:CAC ID Certificate" 2008.08.20 15:01:31 LOG3[22137:139871568]: PK11_FindCertFromNickname: Unknown code ___f 65(-8127,0)
The error code is: SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65)My current theory is that stunnel is not openning up your coolkey device. It may be because it is opening a different NSS database.
bob
2008.08.20 15:01:31 LOG3[22137:139871568]: Error reading certificate: "Matt R Anderson:CAC ID Certificate"Below is the stunnel.conf file I'm using, is there something that I am missing from it that would tell it to use the coolkey module?debug = debug foreground = yes pid = /home/mra/stunnel.pid database = /home/mra/.nssdb [http] client = yes cert = "Matt R Anderson:CAC ID Certificate" accept = localhost:8080 connect = remotehost:443 -matt
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel