hi, Am trying to authenticate a supplicant against a radius server with EAP tls smartcard authentication, initially i created keys in my computer and stored in the smartcard through pkcs15, and created the pkcs15 structure for my card and so for the PAM authentication i installed libpam_pkcs11, and to communicate with my openssl version 1.0.0a , i installed libengine_pkcs11-openssl and it ididn't support the openssl version, so i reinstalled with a rebuild version of engine_pkcs11(engine-pkcs11 0.1.8-2build1) and i could load my pkcs11 engine and module opensc-engine.so
OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so (dynamic) Dynamic engine loading support [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so [Success]: ID:pkcs11 [Success]: LIST_ADD:1 [Success]: LOAD [Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so Loaded: (pkcs11) pkcs11 engine [ available ] and then when i was about to create the certficate, i get the following bug, OpenSSL> req -new -x509 -days 365 -keyform engine -engine pkcs11 -key slot_1-id_20ef41bf5f70ee3aec26b78ee1ce108a26c52d82 -out mysmartcard.cert.pem engine "pkcs11" set. PKCS#11 token PIN: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [UK]:UK State or Province Name (full name) [xxxxxxxxx]:xxxxxxxxx Lancaster []:Lancaster Organization Name (eg, company) [xxxxxxx xxxxxx]:xxxxxxx xxxxxx Organizational Unit Name (eg, section) []:xxxxxxx Common Name (eg, YOUR name) [xxxxxxx xxxxxx]:xxxxxxx xxxxxx Email Address [d.gunaseka...@gmail.com]:d.gunaseka...@gmail.com problems making Certificate Request 1116904:error:0B07807C:x509 certificate routines:X509_PUBKEY_set:method not supported:x_pubkey.c:112: Segmentation fault hardware which am using is omnikey 3121 reader and feitian pki card. can anyone spotlight, what's the cause of this error... thanks, dhinu. > >
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel