On Thu, Dec 4, 2014 at 12:12 AM, mrainey <michael.rainey.ctr at nrlssc.navy.mil> wrote: > Hello, > From here I run the command > openconnect -c > 'pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=06b508843810d7f6;token=PIV_II%20%28PIV%20Card%20Holder%20pin%29;id=%01;object=PIV%20AUTH%20key' > vpn.server.srv What do you get from p11tool --list-all? Could you try explicitly setting the certificate and the key? You can obtain additional debugging information by putting GNUTLS_DEBUG_LEVEL=3 on the environment. Do you see any difference in behavior with the latest gnutls 3.2 version? regards, Nikos