Robert Relyea wrote:
Matt Anderson wrote:
Robert Relyea wrote:
The name of your coolkey module is "Matt R Anderson"
The nickname of your cert is either:
"Matt R Anderson:CAC ID Certificate"
Ohh.. that worked! When I give certutil the option -h "Matt R
Anderson" I only see the certificate on the token. Same thing when I
only give it -n "Matt R Anderson:CAC ID Certificate".
Did certutil -n actually list your certificate, or did it fail?
(certutil -L -d /home/mra/.nssdb -n "Matt R Anderson:CAC ID
Certificate" should actually print the certificate out).
That prints out my certificate.
When I try listing "Matt R Anderson:CAC ID Certificate" as my cert in
the stunnel.conf file however I still get the same sort of error.
2008.08.20 15:01:31 LOG7[22137:139871568]: Certificate: "Matt R
Anderson:CAC ID Certificate"
2008.08.20 15:01:31 LOG3[22137:139871568]: PK11_FindCertFromNickname:
Unknown code ___f 65(-8127,0)
The error code is:
SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65)
My current theory is that stunnel is not opening up your coolkey
device. It may be because it is opening a different NSS database.
I don't think that's the case. I did an strace and the only NSS-like
database open that I saw was this one
open("/home/mra/.nssdb/secmod.db", O_RDONLY) = 4
Which is the right location. I can use stunnel to make use of other
certificates loaded into my NSS db, just not the one on my CAC cards.
-matt