[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT
> Dear Heimdal developers and users!
> How should I make certtificates to be usable with pkinit and soft-pkcs
> I have made self-signed certificates with hxtool. I have installed
> soft-pkcs11 module too. I have placed tab-separated .soft-token.rc
> file in my home directory:
> mike "Certificate for user mike" /home/mike/secure/mike.pem
> anchor CA cert /etc/ssl/ca.crt
> But when I call
> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
> it asks me about PIN code for certificate and after I simply hit Enter
> I think that PIN-code for "home-made" certificates is a passphrase for
> encrypted certificates but is it possible with hxtool to make
> encrypted certificates ?
> Thank you in advance!
I slightly changed .soft-token.rc (I just split my pem certificate in two):
mike Certificate of user mike /home/mike/secure/mike.crt
anchor CAcert /etc/ssl/ca.crt
But with no avail:
kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs:
Failed to get mech info for slot 0