Re: coolkey with stunnel-nss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Robert Relyea wrote:
Matt Anderson wrote:
Robert Relyea wrote:
The name of your coolkey module is "Matt R Anderson"
The nickname of your cert is  either:
"Matt R Anderson:CAC ID Certificate"

Ohh.. that worked! When I give certutil the option -h "Matt R Anderson" I only see the certificate on the token. Same thing when I only give it -n "Matt R Anderson:CAC ID Certificate".
Did cerutil -n actually list your certificate, or did it fail?

(certutil -L -d /home/mra/.nssdb -n "Matt R Anderson:CAC ID Certificate" should actually print the certificate out).

That prints out my certificate.

When I try listing "Matt R Anderson:CAC ID Certificate" as my cert in the stunnel.conf file however I still get the same sort of error.

2008.08.20 15:01:31 LOG7[22137:139871568]: Certificate: "Matt R Anderson:CAC ID Certificate" 2008.08.20 15:01:31 LOG3[22137:139871568]: PK11_FindCertFromNickname: Unknown code ___f 65(-8127,0)
The error code is:
SEC_ERROR_NO_TOKEN                          =   (SEC_ERROR_BASE + 65)

My current theory is that stunnel is not openning up your coolkey device. It may be because it is opening a different NSS database.

I don't think that's the case. I did an strace and the only NSS-like database open that I saw was this one
open("/home/mra/.nssdb/secmod.db", O_RDONLY) = 4

Which is the right location. I can use stunnel to make use of other certifcates loaded into my NSS db, just not the one on my CAC cards.


Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux