[opensc-devel] problem making certificate request

Thu, 18 Aug 2011 02:18:38 -0700 

hi,

 Am trying to authenticate a supplicant against a radius server with EAP tls
smartcard authentication, initially i created keys in my computer and stored
in the smartcard through pkcs15, and created the pkcs15 structure for my
card and so for the PAM authentication i installed libpam_pkcs11, and to
communicate with my openssl version 1.0.0a , i installed
libengine_pkcs11-openssl and it ididn't support the openssl version, so i
reinstalled with a rebuild version of engine_pkcs11(engine-pkcs11
0.1.8-2build1) and i could load my pkcs11 engine and module opensc-engine.so

OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:/usr/lib/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
     [ available ]

and then when i was about to create the certficate, i get the following bug,

OpenSSL> req -new -x509 -days 365 -keyform engine -engine pkcs11 -key
slot_1-id_20ef41bf5f70ee3aec26b78ee1ce108a26c52d82 -out mysmartcard.cert.pem
engine "pkcs11" set.
PKCS#11 token PIN:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [UK]:UK
State or Province Name (full name) [xxxxxxxxx]:xxxxxxxxx
Lancaster []:Lancaster
Organization Name (eg, company) [xxxxxxx xxxxxx]:xxxxxxx xxxxxx
Organizational Unit Name (eg, section) []:xxxxxxx
Common Name (eg, YOUR name) [xxxxxxx xxxxxx]:xxxxxxx xxxxxx

Email Address [d.gunaseka...@gmail.com]:d.gunaseka...@gmail.com
problems making Certificate Request
1116904:error:0B07807C:x509 certificate routines:X509_PUBKEY_set:method not
supported:x_pubkey.c:112:
Segmentation fault

 hardware which am using is omnikey 3121 reader and feitian pki card.

can anyone spotlight, what's the cause of this error...

thanks,
dhinu.



>
>

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to