On 06/06/2011 11:22, Martin Paljak wrote:
> Hello,
>
> Just a quick notice that a section about "certificate compatibility"
> seems justified somewhere in documentation.

Yes, it would be very useful.
I imagine that subtle expert knowledge of the subject is needed,
for example when it comes to BaseCSP, minidriver, SmartcardLogon, ...

> I recently debugged an issue where OpenSC.tokend did not seem to work
> (no certificates visible in Keychain.app) yet logs and everything else
> seemed to suggest that everything is OK. Indeed, replacing the
> certificate with a "known good" one (in fact from my eID card) made
> Keychain.app work and display the certificate (without any differences
> in logs)
>
> This mostly concerns people who create CA profiles or depend on a
> "fixed CA scheme" and try to use OpenSC but fail on some interface
> (like Minidriver or Tokend)
>
> Best,
> Martin

Kind regards,
Viktor.

> On Mon, Jun 6, 2011 at 11:23, Viktor Tarasov<viktor.tara...@gmail.com> wrote:
>> On 06/06/2011 09:46, HOURY William wrote:
>>> Hi Viktor,
>>> After more testing, it appears that the issue cannot be reproduced with
>>> all my certificates but only some of them.
>>> I have attached details about the cert I use most of the time.
>> Is there any difference between this certificate and the ones that are
>> going well for you?
>>
>> I have no deep insight into the smartcard logon.
>> Attached here is the certificate that works for me with the Athena ASEPCOS card,
>> maybe I'll find a crucial difference with your test certificate.
>>
>>> Thanks
>>> William
>> Kind wishes,
>> Viktor.
>>
>>> -----Original Message-----
>>> From: Viktor Tarasov [mailto:viktor.tara...@gmail.com]
>>> Sent: Friday, 3 June 2011 16:53
>>> To: Viktor Tarasov
>>> Cc: HOURY William; opensc-devel@lists.opensc-project.org
>>> Subject: Re: [opensc-devel] First Smartcard logon issue on XP SP3 with
>>> OpenSC 12.1
>>>
>>> On 03/06/2011 09:21, Viktor Tarasov wrote:
>>>> On 03/06/2011 09:06, HOURY William wrote:
>>>>> Hi Viktor,
>>>>>
>>>>> I have other middlewares installed but I have disabled all the
>>>>> proprietary certificate propagation tools and only activated the windows
>>>>> one
>>>>> (the sccertprop registry value is well set).
>>>> Ok, once more it hasn't worked. Thank you.
>>>> Will try to reproduce.
>>> For a while I cannot reproduce.
>>>
>>> The test was done with the card:
>>> Athena ASEPCOS
>>> atr: 3b:d6:18:00:81:b1:80:7d:1f:03:80:51:00:61:10:30:8f.
>>>
>>> Card initialized with the following commands:
>>> # pkcs15-init -E
>>> # pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678"
>>> --so-puk "123456" --pin "9999" --puk "8888"
>>>
>>> Pkcs#12 with the 'SmartcardLogon' + 'Client Authentication' certificate is
>>> imported by :
>>> # pkcs15-init -a 53434D --label "basic user smartcard logon" -S
>>> basic_user.p12 -f pkcs12 --passphrase coucou --so-pin "12345678" --pin
>>> "9999" --key-usage digitalSignature,dataEncipherment --cert-label "basic
>>> user smartcard logon"
>>>
>>> (Don't know why with the key usage derived from the certificate extensions
>>> it's not worked.)
>>>
>>> The first login to AD on the XP platform is OK .
>>> Also works the sequence 'clean-up personal key store'> log-off>
>>> log-in.
>>>
>>> Kind regards,
>>> Viktor.

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel