npiganeau
commented
10 years ago Hi, Can you send:
- your openvpn config file ?
- the output of "pkcs15-tool.exe --dump" ?
Open jans23 opened 10 years ago
npiganeau
commented
10 years ago Hi, Can you send:
Hi! When using a (PIN protected) smart card and enabling smart card support in OpenVPN Manager 0.0.3.8, I retrieve the following error.
Mon Oct 07 21:00:38 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013 Mon Oct 07 21:00:38 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:11197 Mon Oct 07 21:00:38 2013 Need hold release from management interface, waiting... Mon Oct 07 21:00:38 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:11197 Mon Oct 07 21:00:38 2013 MANAGEMENT: CMD 'log on all' Mon Oct 07 21:00:38 2013 MANAGEMENT: CMD 'state on' Mon Oct 07 21:00:38 2013 MANAGEMENT: CMD 'hold release' Mon Oct 07 21:00:38 2013 PKCS#11: Adding PKCS#11 provider 'c:\Windows\System32\opensc-pkcs11.dll' Mon Oct 07 21:00:38 2013 MANAGEMENT: CMD 'pkcs11-id-count' Mon Oct 07 21:01:27 2013 MANAGEMENT: CMD 'pkcs11-id-count' Mon Oct 07 21:01:28 2013 MANAGEMENT: CMD 'pkcs11-id-count' Mon Oct 07 21:01:31 2013 MANAGEMENT: CMD 'signal SIGTERM' Mon Oct 07 21:01:31 2013 Cannot load certificate "(null)" using PKCS#11 interface Mon Oct 07 21:01:31 2013 SIGHUP[hard,private-key-password-failure] received, process restarting Mon Oct 07 21:01:31 2013 MANAGEMENT: >STATE:1381172491,RECONNECTING,private-key-password-failure,, Mon Oct 07 21:01:31 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013 Mon Oct 07 21:01:31 2013 MANAGEMENT: CMD 'signal SIGTERM' Mon Oct 07 21:01:31 2013 Signal received from management interface, exiting
The following verifies, that my smart card is connected as required: C:\Program Files\OpenVPN\bin> openvpn.exe --show-pkcs11-ids c:\Windows\System32\opensc-pkcs11.dll
The following objects are available for use. Each object shown below may be used as parameter to --pkcs11-id option please remember to use single quote mark.
Certificate DN: CN=mydomain.example.com Serial: 020EFB Serialized id: ZeitControl/PKCS\x2325\x20emulated/000500000c81/OpenPGP\x20card\x20\x28User\x20PIN\x29/03