Re: coolkey with stunnel-nss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Matt Anderson wrote:
Robert Relyea wrote:
The name of your coolkey module is "Matt R Anderson"
The nickname of your cert is  either:
"Matt R Anderson:CAC ID Certificate"

Ohh.. that worked! When I give certutil the option -h "Matt R Anderson" I only see the certificate on the token. Same thing when I only give it -n "Matt R Anderson:CAC ID Certificate".
Did cerutil -n actually list your certificate, or did it fail?

(certutil -L -d /home/mra/.nssdb -n "Matt R Anderson:CAC ID Certificate" should actually print the certificate out).


When I try listing "Matt R Anderson:CAC ID Certificate" as my cert in the stunnel.conf file however I still get the same sort of error.

2008.08.20 15:01:31 LOG7[22137:139871568]: Certificate: "Matt R Anderson:CAC ID Certificate" 2008.08.20 15:01:31 LOG3[22137:139871568]: PK11_FindCertFromNickname: Unknown code ___f 65(-8127,0)
The error code is:
SEC_ERROR_NO_TOKEN                          =   (SEC_ERROR_BASE + 65)

My current theory is that stunnel is not openning up your coolkey device. It may be because it is opening a different NSS database.

bob
2008.08.20 15:01:31 LOG3[22137:139871568]: Error reading certificate: "Matt R Anderson:CAC ID Certificate"

Below is the stunnel.conf file I'm using, is there something that I am missing from it that would tell it to use the coolkey module?

debug = debug
foreground = yes
pid = /home/mra/stunnel.pid
database = /home/mra/.nssdb

[http]
client = yes
cert = "Matt R Anderson:CAC ID Certificate"
accept = localhost:8080
connect = remotehost:443

-matt

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux