[opensc-devel] serialnumber

2011-09-08 Thread J.Witvliet
Hi all,

I'm realizing that I'm probably at the wrong list, but I guess I'll find here 
the largest population of smartcard users ;-)

We are using smartcards for setting up OpenVPN tunnels, which works quite nice.
However, I detect some strange behavior.

According to the openvpn-docu, (at the server-side) one of their environment 
variables, tls_id_0 should contain the hexadecimal value of the certificate.
In reality it contains completely other fields, like CN=, OU=, O= and C=.

First I checked this with some of the developers of openVPN (JJK), and he said 
that it works with him correctly and could demonstrate it if needed.


Other possibility could be that I found another feature of our middleware.
Is there any tool to lookup the serialnumber of a certificate stored on a 
smartcard directly?
I know I can export the certificate manually and use openssl to analyse it, but 
can it be done with one of the pkcs* open opensc* tools?


Kind regards, Hans

__
This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] serialnumber

2011-09-08 Thread J.Witvliet
Typo, I meant tls_serial_0 instead of tls_id_0




Re: [opensc-devel] serialnumber

2011-09-08 Thread Martin Paljak
Hello,

On Thu, Sep 8, 2011 at 13:27, j.witvl...@mindef.nl wrote:
> According to the openvpn-docu, (at the server-side) one of their environment 
> variables, tls_id_0 should contain the hexadecimal value of the certificate.
> In reality it contains completely other fields, like CN=, OU=, O= and C=.

I guess the tls_id_0 should contain exactly this, the subject of the
certificate?

> Is there any tool to lookup the serialnumber of a certificate stored on a 
> smartcard directly?
> I know I can export the certificate manually and use openssl to analyse it, 
> but can it be done with one of the pkcs* open opensc* tools?

pkcs15-tool --read-certificate num | openssl x509 -text


Re: [opensc-devel] serialnumber

2011-09-08 Thread J.Witvliet
Would like to try it, but the pkcs15-tool fails with unsupported card

With pkcs11-tool I have to provide --module /usr/lib/libaetpkss.so.3.0 .
But pkcs15-tool does not have the --module option.


hw
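
For a card that is only reachable through a vendor PKCS#11 module, as in the last message, the certificate can be read with pkcs11-tool and handed to openssl in the same way as the pkcs15-tool pipeline suggested earlier. The script below is an added example, not part of the thread; the function names are illustrative, the object ID is whatever the listing shows for your card, and the serial values in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. MODULE defaults to the vendor library
# named in the last message; function names are illustrative.
MODULE="${MODULE:-/usr/lib/libaetpkss.so.3.0}"

# List certificate objects on the token to find the ID of the one you want.
list_card_certs() {
    pkcs11-tool --module "$MODULE" --list-objects --type cert
}

# Print serial and subject of the certificate with object ID $1 (hex string
# as shown by list_card_certs). pkcs11-tool writes the raw DER encoding, so
# it goes to a temp file to keep tool status messages out of the data.
card_cert_info() {
    tmp=$(mktemp) || return 1
    pkcs11-tool --module "$MODULE" --read-object --type cert --id "$1" \
        --output-file "$tmp" >/dev/null &&
        openssl x509 -inform DER -in "$tmp" -noout -serial -subject
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Reduce a serial in any common notation ("serial=37AB46E0", "37:ab:46:e0",
# "0x37ab46e0"; constructed sample values) to bare upper-case hex.
normalize_serial() {
    printf '%s\n' "$1" |
        sed -e 's/^serial=//' -e 's/^0[xX]//' |
        tr -d ': ' |
        tr 'abcdef' 'ABCDEF' |
        sed -e 's/^0*//' -e 's/^$/0/'
}

# Succeeds when the serial read from the card equals the one the server saw.
# Empty arguments never match, so an unset variable cannot pass the check.
serial_matches() {
    [ -n "$1" ] && [ -n "$2" ] &&
        [ "$(normalize_serial "$1")" = "$(normalize_serial "$2")" ]
}
```

With the card inserted, `card_cert_info <ID>` prints the `serial=` line, which `serial_matches` can then compare against the value the OpenVPN server reported for the same client.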
