Christian Horn wrote:
> Hi,
>
>
> sorry to bug you again with this issue, but I want to
> clean stuff up here.
>
> Using a Netkey-card that speaks TCOS2 I authenticate to firewalls
> with OpenSwan as application.
> The card has 4 keys (id 45-48) and 6 certs (id 45,45,46,47,47,48).
> Accessing the key with id 47 from OpenSwan (using libopensc) the
> first cert with id 47 is used, file df01c200 on the card. The one
> needed is df0143b1.
>
>
> Last conversation regarding this was:
>
>> Actually nobody wants to use those non-personalized
>> certificates that TeleSec puts on their cards.
>>
>> Here's what I might do: I could reorder the certificates in the
>> Netkey emulation such that the user-certificates will be
>> the first to be loaded (if they exist). And the TeleSec
>> certificate will be loaded last.
>
> Sounds like a nice solution, but it's currently not implemented:
> the certs with id 47 are looked up in files df01c200 and df0143b1
> so OpenSwan grabs the first one but I need the latter one.
>

Try strongSwan from http://www.strongswan.org which has a regular
PKCS#11 smartcard interface and allows you to select certificates
according to position, e.g.

    leftcert=%smartcard#4

which is the fourth certificate in the enumeration shown by

    ipsec listcards

Read the details in the strongSwan smartcard configuration howto

    http://www.strongswan.org/docs/readme.htm#section_8

Regards

Andreas

> Is there a better way to do this?
>
>
> greetings, Christian.

======================================================================
Andreas Steffen                                      [EMAIL PROTECTED]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel