OK, I seem to have narrowed it down. It's an SCR-331 CaC reader. Once I tried a different model, it works without a problem.
That being said, I used the SCR-331 for years without an issue. Did pcscd have an update in the last few months that would have affected support? I last used the card reader in May and had been using it without incident. On Thu, Oct 3, 2013 at 2:21 PM, Howdy Dood <h0wdyd3...@gmail.com> wrote: > Douglas, > > Thanks for your help. > > It uses the card in that it prompts for pin, then prompts for which cert > to use. On sites that use Digital signature certificate, they work fine. > On sites, such as webmail, that use email certificate, I get those errors. > > That being said, both types of certs/sites work on my f19 laptop:( > > How do I see if I'm missing some such certificates? My issue is I get the > same error with firefox, chrome, and davmail, and with any user I > create/try. > > I attached the debug, but didn't see anything relevant. Prior to this > email, I had to use virtualbox in order to send an email that I had to > send. Pretty frustrating:O > > > On Thu, Oct 3, 2013 at 2:10 PM, Douglas E. Engert <deeng...@anl.gov>wrote: > >> >> On 10/3/2013 1:02 PM, Howdy Dood wrote: >> >> Douglas, thanks, but as I said, it works on the exact same site with >> another machine. The site is not down. I'm using it right now through >> virtualbox with windows 8. >> >> It seems to only have the problem when using the email certificate, but >> not the digital signature certificate(those sites work). >> >> >> What does the pcscd debugging show? >> >> Does it even get far enough to use the card? >> >> Are you missing some CA certificates or intermediate certificates on the >> F19? >> >> I believe that on DoD CAC cards, the two certificates may be signed by >> different CAs >> with different trust chains. >> >> >> >> On Thu, Oct 3, 2013 at 12:16 PM, Douglas E. Engert <deeng...@anl.gov>wrote: >> >>> >>> On 10/3/2013 10:51 AM, Howdy Dood wrote: >>> >>> Hello, >>> >>> I have Fedora 19 on two machines. >>> >>> I use libcoolkey to use a Common Access Card's certificates to access >>> my webmail at http://www.foo.bar.gov >>> >>> However, since upgrading to F19 on machine two, although I am prompted >>> for pin, etc, and certs show, and I can choose the right cert, I get: >>> " >>> The connection was reset >>> >>> The connection to the server was reset while the page was loading." >>> >>> and on a related site, I get: >>> >>> "Unable to load the webpage because the server sent no data. >>> Error code: ERR_EMPTY_RESPONSE" >>> >>> On machine one, it works fine. I cannot figure out what the problem >>> is here. Same version of pcsc, same version of libcoolkey... on machine 2, >>> both firefox and chrome have this problem. >>> >>> Both machines are on the same network. >>> >>> On machine two, if I open up virtualbox and go to win8, and use CaC >>> there, I can access the site with IE. >>> >>> Any site that requires email signature certificate on card has this >>> problem. If the site requires digital ID certificate, it still works fine. >>> >>> >>> That sounds like the old version was caching the pin, and new version >>> is not, or not caching it correctly. >>> >>> For PIV cards, (and all newer CAC cards are both) when the signature >>> key is used to do a crypto >>> operation, the previous operation to the card must have been a verify >>> i.e. PIN is sent. >>> >>> You can run pcscd in debug mode, and watch the commands to the card to >>> get some more information. >>> >>> And as a previous responder said, it could be because the *.gov web >>> site is down... >>> >>> >>> >>> >>> Thanks for help >>> >>> >>> _______________________________________________ >>> Muscle mailing >>> listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com >>> >>> >>> -- >>> >>> Douglas E. Engert <deeng...@anl.gov> <deeng...@anl.gov> >>> Argonne National Laboratory >>> 9700 South Cass Avenue >>> Argonne, Illinois 60439 >>> (630) 252-5444 >>> >>> >>> _______________________________________________ >>> Muscle mailing list >>> Muscle@lists.musclecard.com >>> http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com >>> >>> >> >> >> _______________________________________________ >> Muscle mailing >> listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com >> >> >> -- >> >> Douglas E. Engert <deeng...@anl.gov> <deeng...@anl.gov> >> Argonne National Laboratory >> 9700 South Cass Avenue >> Argonne, Illinois 60439 >> (630) 252-5444 >> >> >> _______________________________________________ >> Muscle mailing list >> Muscle@lists.musclecard.com >> http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com >> >> >
_______________________________________________ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com