Hello,

Just a quick notice that a section about "certificate compatibility"
seems justified somewhere in the documentation.

I recently debugged an issue where OpenSC.tokend did not seem to work
(no certificates visible in Keychain.app) yet logs and everything else
seemed to suggest that everything is OK. Indeed, replacing the
certificate with a "known good" one (in fact from my eID card) made
Keychain.app work and display the certificate (without any differences
in logs).

This mostly concerns people who create CA profiles or depend on a
"fixed CA scheme" and try to use OpenSC but fail on some interface
(like Minidriver or Tokend).


Best,
Martin


On Mon, Jun 6, 2011 at 11:23, Viktor Tarasov <viktor.tara...@gmail.com> wrote:
> On 06/06/2011 09:46, HOURY William wrote:
>>
>> Hi Viktor,
>> After more testing, it appears that the issue cannot be reproduced with
>> all my certificates but only some of them.
>> I have attached details about the cert I use most of the time.
>
> Is there any difference between this certificate and the ones that are
> going well for you?
>
> I have no deep insight into the smartcard logon.
> Attached here is the certificate that works for me with the Athena ASEPCOS card;
> maybe I'll find a crucial difference with your test certificate.
>
>
>> Thanks
>> William
>
> Kind wishes,
> Viktor.
>
>
>> -----Original Message-----
>> From: Viktor Tarasov [mailto:viktor.tara...@gmail.com]
>> Sent: Friday, June 3, 2011 16:53
>> To: Viktor Tarasov
>> Cc: HOURY William; opensc-devel@lists.opensc-project.org
>> Subject: Re: [opensc-devel] First Smartcard logon issue on XP SP3 with OpenSC 12.1
>>
>> On 03/06/2011 09:21, Viktor Tarasov wrote:
>>>
>>> On 03/06/2011 09:06, HOURY William wrote:
>>>>
>>>> Hi Viktor,
>>>>
>>>> I have other middlewares installed but I have disabled all the
>>>> proprietary certificate propagation tools and only activated the Windows
>>>> one (the sccertprop registry value is well set).
>>>
>>> Ok, once more it hasn't worked. Thank you.
>>> Will try to reproduce.
>>
>> For a while I cannot reproduce.
>>
>> The test was done with the card:
>> Athena ASEPCOS
>> atr: 3b:d6:18:00:81:b1:80:7d:1f:03:80:51:00:61:10:30:8f.
>>
>> Card initialized with the following commands:
>> # pkcs15-init -E
>> # pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "9999" --puk "8888"
>>
>>
>> Pkcs#12 with the 'SmartcardLogon' + 'Client Authentication' certificate is
>> imported by:
>> # pkcs15-init -a 53434D --label "basic user smartcard logon" -S basic_user.p12 -f pkcs12 --passphrase coucou --so-pin "12345678" --pin "9999" --key-usage digitalSignature,dataEncipherment --cert-label "basic user smartcard logon"
>>
>> (Don't know why it has not worked with the key usage derived from the
>> certificate extensions.)
>>
>>
>> The first login to AD on the XP platform is OK.
>> The sequence 'clean-up personal key store' > log-off > log-in also works.
>>
>>
>> Kind regards,
>> Viktor.
>>
>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
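
The comparison Viktor proposes above (finding the difference between a certificate that works and one that does not) can start with a diff of the usage extensions. This is an added example, not part of the original thread or of OpenSC: the function names are hypothetical, both certificates are constructed throwaway self-signed ones, and the reduced usage on the second certificate is an assumption for illustration, since the thread does not say which difference mattered. It needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): compare the Key Usage and Extended Key
# Usage of a certificate that works with one that does not.
# Needs OpenSSL 1.1.1+ for "req -addext" and "x509 -ext".

# Create a throwaway self-signed certificate (constructed test data).
# $1 = output PEM, $2 = keyUsage list, $3 = extendedKeyUsage list
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed test user" -keyout "$1.key" -out "$1" \
        -addext "keyUsage=critical,$2" -addext "extendedKeyUsage=$3" 2>/dev/null
}

# Print only the usage-related extensions of a PEM certificate.
cert_usage() {
    openssl x509 -in "$1" -noout -ext keyUsage,extendedKeyUsage
}

# Show the lines that differ; exit status 0 = same usage, 1 = different.
usage_diff() {
    local a b rc
    a=$(mktemp)
    b=$(mktemp)
    cert_usage "$1" > "$a"
    cert_usage "$2" > "$b"
    rc=0
    diff "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
good="$tmp/good.pem"   # mirrors the thread: smartcard logon + client auth
bad="$tmp/bad.pem"     # assumed variant lacking dataEncipherment and the logon EKU

# 1.3.6.1.4.1.311.20.2.2 is the Microsoft Smart Card Logon EKU.
make_cert "$good" digitalSignature,dataEncipherment clientAuth,1.3.6.1.4.1.311.20.2.2
make_cert "$bad"  digitalSignature clientAuth

usage_diff "$good" "$bad" || echo "usage extensions differ (see diff above)"
```

To compare real certificates, export each one from the card or token to PEM and pass the two files to `usage_diff`.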