[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Home-made" PKCS certificates, soft-pkcs and PKINIT

mkondrin wrote:
> Dear Heimdal developers and users!
> How should I make certtificates to be usable with pkinit and soft-pkcs 
> module.
> I have made self-signed certificates with hxtool. I have installed 
> soft-pkcs11 module too. I have placed tab-separated .soft-token.rc 
> file in my home directory:
> mike     "Certificate for user mike"      /home/mike/secure/mike.pem
> anchor   CA cert           /etc/ssl/ca.crt
> But when I call
> kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
> it asks me about PIN code for certificate and after I simply hit Enter 
> aborts.
> I think that PIN-code for "home-made" certificates is a passphrase for 
> encrypted certificates but is it possible with hxtool to make 
> encrypted certificates ?
> Thank you in advance!
> M.Kondrin
I slightly changed .soft-token.rc (I just split my pem certificate in two):

mike    Certificate of user mike    /home/mike/secure/mike.crt    
anchor    CAcert    /etc/ssl/ca.crt

But with no avail:
kinit -C PKCS11:/usr/local/lib/soft-pkcs11.so mike
kinit: krb5_get_init_creds_opt_set_pkinit: Failed to init cert certs: 
Failed to get mech info for slot 0