Re: Gpg4win LetsEncrypt issue
It is just dirmngr.
Through browsers everything works fine as well as from gpg command line client in Linux

On Wed, 29 Dec 2021 at 23:34, Andrew Gallagher via Gnupg-users <gnupg-users@gnupg.org> wrote:

> > On 29 Dec 2021, at 21:12, Alex Nadtoka wrote:
> >
> > We have our internal GPG server( I want people in company to be able to
> > connect to it from windows as well...
>
> OK, so you definitely need to solve the root certificate issue.
>
> Do sites using letsencrypt work from an Edge browser on that machine, or
> is it just dirmngr?
>
> A

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error in 2.3 regarding reader-port (infinite loop)
Hey everyone,

I just updated my Windows PC to 2.3. I used the "reader-port" option in scdaemon.conf to only use my Yubikey. Since updating I have found that with that option set, the scdaemon goes into an infinite loop when trying to access smart cards (for example Kleopatra hangs while opening). If I remove the reader-port option in the config, the loop stops.

Looking at the logs, it seems like scd is constantly trying to initiate the first reader it finds. I have attached logs of the wrong and correct behavior I observed (debug-level guru, debug-all).

Best,
Anze Jensterle

2021-12-29 14:18:30 scdaemon[19892] DBG: chan_0x0300 <- SERIALNO --all
2021-12-29 14:18:30 scdaemon[19892] detected reader 'ACS ACR1252 1S CL Reader PICC 0'
2021-12-29 14:18:30 scdaemon[19892] detected reader 'ACS ACR1252 1S CL Reader SAM 0'
2021-12-29 14:18:30 scdaemon[19892] detected reader 'OMNIKEY CardMan 3821 0'
2021-12-29 14:18:30 scdaemon[19892] detected reader 'Windows Hello for Business 1'
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: ACS ACR1252 1S CL Reader PICC 0
2021-12-29 14:18:30 scdaemon[19892] DBG: apdu_open_reader: new device=ACS ACR1252 1S CL Reader PICC 0

2021-12-29 14:38:46 scdaemon[10144] DBG: chan_0x02e4 <- serialno
2021-12-29 14:38:46 scdaemon[10144] detected reader 'OMNIKEY CardMan 3821 0'
2021-12-29 14:38:46 scdaemon[10144] detected reader 'Windows Hello for Business 1'
2021-12-29 14:38:46 scdaemon[10144] detected reader 'Yubico YubiKey OTP+FIDO+CCID 0'
2021-12-29 14:38:46 scdaemon[10144] DBG: apdu_open_reader: OMNIKEY CardMan 3821 0
2021-12-29 14:38:46 scdaemon[10144] DBG: apdu_open_reader: new device=OMNIKEY CardMan 3821 0
2021-12-29 14:38:46 scdaemon[10144] reader slot 0: not connected
2021-12-29 14:38:46 scdaemon[10144] DBG: enter: apdu_connect: slot=0
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=06, len=4, v=31300C
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=07, len=4, v=313010
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=0F, len=4, v=31302C
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=11, len=4, v=313034
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=0A, len=4, v=313008
2021-12-29 14:38:46 scdaemon[10144] DBG: feature: code=10, len=4, v=313030
2021-12-29 14:38:46 scdaemon[10144] reader slot 0: active protocol: T0
2021-12-29 14:38:46 scdaemon[10144] slot 0: ATR=3b7d9680318065b0830201f383009000
2021-12-29 14:38:46 scdaemon[10144] DBG: pcsc_get_status_change: changed present excl inuse
2021-12-29 14:38:46 scdaemon[10144] DBG: leave: apdu_connect => sw=0x0
2021-12-29 14:38:46 scdaemon[10144] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2021-12-29 14:38:46 scdaemon[10144] DBG: PCSC_data: 00a4000c023f00
2021-12-29 14:38:46 scdaemon[10144] DBG: response: sw=6A86 datalen=0
2021-12-29 14:38:46 scdaemon[10144] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2021-12-29 14:38:46 scdaemon[10144] DBG: PCSC_data: 00a4040006d27600012401
2021-12-29 14:38:46 scdaemon[10144] DBG: response: sw=6A82 datalen=0
2021-12-29 14:38:46 scdaemon[10144] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=9 le=256 em=0
2021-12-29 14:38:46 scdaemon[10144] DBG: PCSC_data: 00a4040009a003081000
2021-12-29 14:3
Re: Gpg4win LetsEncrypt issue
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote:
>
> We have our internal GPG server( I want people in company to be able to
> connect to it from windows as well...

OK, so you definitely need to solve the root certificate issue.

Do sites using letsencrypt work from an Edge browser on that machine, or is it just dirmngr?

A
Re: Gpg4win LetsEncrypt issue
We have our internal GPG server( I want people in company to be able to connect to it from windows as well...

On Wed, 29 Dec 2021 at 23:11, Andrew Gallagher via Gnupg-users <gnupg-users@gnupg.org> wrote:

> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote:
>
> yes it works with keyserver-01.2ndquadrant.com
>
> Is this server sufficient for your purposes or do you also need to support
> an internal keyserver?
>
> A
>
> On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
>> On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote:
>> > I cannot connect to any keyserver. The error is certificate expired.
>> > I am on latest (I think) Windows 10 . Tried reinstalling it or
>> > installing on new Windows machine but no luck . dirmngr keeps telling
>> > me that certificate is expired.
>>
>> Have you tried configuring an hkps keyserver that does not use
>> LetsEncrypt, e.g. keyserver-01.2ndquadrant.com ?
>>
>> A
Re: Gpg4win LetsEncrypt issue
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote:
>
> yes it works with keyserver-01.2ndquadrant.com

Is this server sufficient for your purposes or do you also need to support an internal keyserver?

A

> On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users wrote:
>> On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote:
>> > I cannot connect to any keyserver. The error is certificate expired.
>> > I am on latest (I think) Windows 10 . Tried reinstalling it or
>> > installing on new Windows machine but no luck . dirmngr keeps telling
>> > me that certificate is expired.
>>
>> Have you tried configuring an hkps keyserver that does not use
>> LetsEncrypt, e.g. keyserver-01.2ndquadrant.com ?
>>
>> A
Re: Gpg4win LetsEncrypt issue
yes it works with keyserver-01.2ndquadrant.com

On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users <gnupg-users@gnupg.org> wrote:

> On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote:
> > I cannot connect to any keyserver. The error is certificate expired.
> > I am on latest (I think) Windows 10 . Tried reinstalling it or
> > installing on new Windows machine but no luck . dirmngr keeps telling
> > me that certificate is expired.
>
> Have you tried configuring an hkps keyserver that does not use
> LetsEncrypt, e.g. keyserver-01.2ndquadrant.com ?
>
> A
Re: Gpg4win LetsEncrypt issue
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote:
> I cannot connect to any keyserver. The error is certificate expired.
> I am on latest (I think) Windows 10 . Tried reinstalling it or
> installing on new Windows machine but no luck . dirmngr keeps telling
> me that certificate is expired.

Have you tried configuring an hkps keyserver that does not use LetsEncrypt, e.g. keyserver-01.2ndquadrant.com ?

A
Gpg4win LetsEncrypt issue
I cannot connect to any keyserver. The error is certificate expired.
I am on latest (I think) Windows 10. Tried reinstalling it or installing on new Windows machine but no luck. dirmngr keeps telling me that certificate is expired.

I know I can put ignore-cert followed by the SHA-1 fingerprint of the problematic certificate in my dirmngr.conf to ignore certificate errors. But where can I get those fingerprints for lets encrypt certificates? I feel like I can get it from here ... but not sure where exactly the fingerprint is? (https://letsencrypt.org/certificates/)
Also it should be for root or intermediate CA or both?

Also is there anybody who can successfully connect with Kleopatra to any keyserver on Windows?

Oleksandr
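
Added example, not part of the original post or of GnuPG: a certificate's SHA-1 fingerprint is the SHA-1 hash of its DER encoding, so it can be computed from a PEM file rather than looked up. The script below prints one `ignore-cert` line per certificate in a PEM file; the function names, the plain upper-case hex output format and the sample (placeholder bytes, not real certificates) are assumptions.

```python
"""Compute SHA-1 fingerprints for every certificate in a PEM file."""
import base64
import hashlib
import re
import sys

# A PEM certificate is the base64 of its DER encoding between two marker lines.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def der_certificates(pem_text):
    """Return the DER bytes of each CERTIFICATE block, in file order."""
    ders = []
    for body in PEM_CERT.findall(pem_text):
        # Drop line breaks (LF or CRLF) and decode strictly, so a damaged
        # block raises binascii.Error instead of yielding a wrong hash.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders


def sha1_fingerprints(pem_text):
    """SHA-1 over the DER encoding is the certificate fingerprint."""
    return [hashlib.sha1(d).hexdigest().upper() for d in der_certificates(pem_text)]


def ignore_cert_lines(pem_text):
    """Format each fingerprint as a dirmngr.conf line (hex format assumed)."""
    return ["ignore-cert " + fpr for fpr in sha1_fingerprints(pem_text)]


def make_pem(der):
    """Wrap raw bytes in PEM armor; used only to build the sample below."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed sample: placeholder bytes standing in for two DER certificates.
SAMPLE_CHAIN = make_pem(b"abc") + make_pem(
    b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a PEM file, e.g. a downloaded chain
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            SAMPLE_CHAIN = fh.read()
    for line in ignore_cert_lines(SAMPLE_CHAIN):
        print(line)
```

Run it with the path of a PEM file as the only argument; with no argument it processes the constructed sample.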