CAC modules


 



Trying to get over the last hill but I'm coming up short.  I've tried multiple combinations of syntax but what I'm inputting doesn't seem to work.  I'll retry the Ubuntu build based on your suggestions as soon as possible; I just have tunnel vision on Fedora since I'm so close.

openconnect -c 'pkcs11:id=%00%01;object=CAC%20ID%20Certificate;' https://testtesttest.test

Attempting to connect to xxx.xxx.xx.xxx:443
Error importing PKCS#11 URL pkcs11:id=%00%01;object=CAC%20ID%20Certificate;object-type=private;pin-source=openconnect%3a0x9fa2f90: The requested data were not available.
Loading certificate failed. Aborting.
Failed to open HTTPS connection to testtesttest.test
Failed to obtain WebVPN cookie
[root at fedora view]#

Output from p11tool --list-all-certs --login:

Object 136:
    URL: pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%01;object=CAC%20ID%20Certificate;object-type=cert
    Type: X.509 Certificate
    Label: CAC ID Certificate
    ID: 00:01

Object 137:
    URL: pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%02;object=CAC%20Email%20Signature%20Certificate;object-type=cert
    Type: X.509 Certificate
    Label: CAC Email Signature Certificate
    ID: 00:02

Object 138:
    URL: pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;object-type=cert
    Type: X.509 Certificate
    Label: CAC Email Encryption Certificate
    ID: 00:03

Thanks again for taking the time
MM

-----Original Message-----
From: David Woodhouse [mailto:dwmw2 at infradead.org] 
Sent: Wednesday, July 11, 2012 5:28 PM
To: Mcclelland, Michael B Mr CTR USN USA
Cc: openconnect-devel at lists.infradead.org
Subject: Re: CAC modules

On Wed, 2012-07-11 at 16:35 -0400, Mcclelland, Michael B Mr CTR USN USA
wrote:
> So if I understand you right...
>  out of the full: 
> pkcs11:library-description=CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00;library-manufacturer=Mozilla%20Foundation;model=%20;manufacturer=%20;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;object-type=private
> 
> I just use
> Pkcs11: CoolKey%20PKCS%20%2311%20Module%20%20%20%20%20%00%00%00
> 
> Sorry for asking to be spoon fed.  I have very limited attempts to log in before my card locks itself.

It doesn't *hurt* to use the whole thing, but you ought to get away with
just pkcs11:id=%00%03;object=CAC%20Email%20Encryption%20Certificate

Hopefully your token shouldn't lock you out just for using an object
that doesn't exist; only if you get the PIN wrong?

-- 
dwmw2
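
As an added example (not part of the original thread and not openconnect code): a small Python helper that reduces the full URLs in a p11tool listing to the short id/object form suggested in the reply above, and refuses to emit one if the percent-encoded values disagree with the Label and ID lines. The sample listing is constructed in the layout shown earlier, with a placeholder token name; the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample in the p11tool layout; EXAMPLE.TOKEN is a placeholder.
SAMPLE = """\
Object 0:
    URL: pkcs11:library-manufacturer=Mozilla%20Foundation;model=%20;token=EXAMPLE.TOKEN;id=%00%01;object=CAC%20ID%20Certificate;object-type=cert
    Type: X.509 Certificate
    Label: CAC ID Certificate
    ID: 00:01

Object 1:
    URL: pkcs11:library-manufacturer=Mozilla%20Foundation;model=%20;token=EXAMPLE.TOKEN;id=%00%03;object=CAC%20Email%20Encryption%20Certificate;object-type=cert
    Type: X.509 Certificate
    Label: CAC Email Encryption Certificate
    ID: 00:03
"""

def parse_uri(uri):
    """Split a pkcs11: URI into {attribute: raw percent-encoded value}."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a PKCS#11 URI: %r" % uri)
    path = uri[len("pkcs11:"):].split("?", 1)[0]  # ignore any query part
    return dict(p.split("=", 1) for p in path.split(";") if p)

def short_uris(listing):
    """Return {label: 'pkcs11:id=...;object=...'} for every listed object."""
    result = {}
    for block in re.split(r"\n\s*\n", listing.strip()):
        fields = dict(re.findall(r"^[ \t]*(URL|Label|ID):[ \t]*(.*)$", block, re.M))
        if "URL" not in fields:
            continue
        attrs = parse_uri(fields["URL"])
        # Decode the URI values and compare them with the human-readable lines.
        label = unquote_to_bytes(attrs["object"]).decode("utf-8")
        obj_id = ":".join("%02x" % b for b in unquote_to_bytes(attrs["id"]))
        if label != fields.get("Label") or obj_id != fields.get("ID", "").lower():
            raise ValueError("URL and Label/ID lines disagree for %r" % label)
        # Keep the raw percent-encoded values so the output can be pasted as-is.
        result[label] = "pkcs11:id=%s;object=%s" % (attrs["id"], attrs["object"])
    return result

if __name__ == "__main__":
    for label, uri in short_uris(SAMPLE).items():
        print("%-35s %s" % (label, uri))
```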



