On Thu, Feb 25, 2016 at 8:15 AM, Mithat Bozkurt <mithatbozkurt at gmail.com> wrote: > mithat at adige:~$ p11tool -v > p11tool 3.3.15 > Copyright (C) 2000-2015 Free Software Foundation, and others, all > rights reserved. > This is free software. It is licensed for use, modification and > redistribution under the terms of the GNU General Public License, > version 3 or later <http://gnu.org/licenses/gpl.html> > mithat at adige:~$ p11tool -d 4 --export > 'pkcs11:serial=0036218D34081A32;object=62917107586NES0;type=cert' > Setting log level to 4 > |<2>| p11: Initializing module: p11-kit-trust > |<2>| p11: Initializing module: akis > |<2>| p11: Initializing module: gnome-keyring > |<3>| ASSERT: pkcs11.c:503 > |<2>| Initializing PKCS #11 modules > |<2>| p11: Skipped object, missing attrs. > |<3>| ASSERT: pkcs11.c:1758 > |<3>| ASSERT: pkcs11.c:1685 > |<3>| ASSERT: pkcs11.c:1824 > Error in pkcs11_export:257: The requested data were not available. > I don't understand why I export cert to file. I think device should > block this action because this is my e-signature cert. If the certificate is not exportable then you cannot use it for openconnect or any other application (note that this is the 'certificate' which has public parameters, not the private key). Have you tried adding --login to the export command line? regards, Nikos
