
Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT



mkondrin wrote:
> Dear Heimdal developers and users!
>
> How should I make certificates to be usable with pkinit and the soft-pkcs 
> module?
> I have made self-signed certificates with hxtool. I have installed 
> soft-pkcs11 module too. I have placed tab-separated .soft-token.rc 
> file in my home directory:
>
> mike     "Certificate for user mike"      /home/mike/secure/mike.pem
> anchor   CA cert           /etc/ssl/ca.crt
>
> But when I call
>
> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
>
> it asks me about PIN code for certificate and after I simply hit Enter 
> aborts.
>
> I think that PIN-code for "home-made" certificates is a passphrase for 
> encrypted certificates but is it possible with hxtool to make 
> encrypted certificates?
>
> Thank you in advance!
>
> M.Kondrin
>
I slightly changed .soft-token.rc (I just split my pem certificate in two):

mike    Certificate of user mike    /home/mike/secure/mike.crt    /home/mike/secure/mike.key
anchor    CAcert    /etc/ssl/ca.crt

But to no avail:
kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs: Failed to get mech info for slot 0

M.Kondrin