I can't help you with the specific problem [:-(] but I can "help" you with a diagnostic at least. Which is? Smart card vendors have spent decades on fighting each other on the spec/middleware side and naturally we all have to pay the price.
Tokens for consumers have therefore been [rightfully] rejected on the pragmatic US market. Is there a workaround? Yes, instead of chasing middleware issues another 10 years or so, I think that "the authentication people" including Mozilla should define a token with a standard interface that is included in the platform itself regardless if that is Firefox or Windows. The opposite to that is the OpenSC project where every card profile, vendor, and local country variation is treated as "feature", while it from a usability point-of-view is really more like a bug". Anders ----- Original Message ----- From: "Udo Puetz" <inexg...@googlemail.com> Newsgroups: mozilla.dev.tech.crypto To: <dev-tech-crypto@lists.mozilla.org> Sent: Thursday, July 02, 2009 11:58 Subject: Problem reading certificate from hardware token Hi all, I've googled to and fro and have only found another poster having roughly the same problem as I. The situation is this: I want to authenticate against a juniper SA 2500 firewall with a user and password AND a certificate. I have a safenet iKey 1032 token where I imported the p12 certificate. In firefox (tried 2.0.x, 3.0.x and 3.5.x) I imported the safenet K1PK112.DLL PKCS#11 module. In the firefox cryptography module manager I now see the token and can (after entering the pin) see the certificate. So firefox _can_ read the certificate off of the token. But when I go to the juniper firewall website I get the error message that the certificate can't be found. When I (for testing) take out the token and import the p12 certificate directly into the firefox certificate store I can authenticate against the juniper firewall website with user and pass and the certificate. So the problem seems to be that in the cyrpto module manager firefox can read a certificate off of a token and can't read it off when queried by a website. Where would you think is the problem? Is it within firefox or a problem with the third-party pkcs#11 module? (I'm also in contact with the safenet folks) Thanks a lot, regards Udo Puetz -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
