[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] openvpn PKCS#11 problem in Windows XP


  • Subject: Re: [Openvpn-users] openvpn PKCS#11 problem in Windows XP
  • From: "Mister T" <internetthierry@xxxxxxxxx>
  • Date: Tue, 8 May 2007 22:38:59 +0200

Hello Alon,

Problem solved!
The solution was indeed at the opensc side. In Windows XP and Linux, the command
pkcs11-tool --module "C:\Program Files\Smart card bundle\opensc- pkcs11.dll" --list-objects
works fine now and so also "openvpn --config client.ovpn" when
I included the following lines in the opensc.conf file:
...
    # Starcos SPK 2.4
    card_atr "3b:b7:18:00:c0:3e:31:fe:65:53:50:4b:32:34:90:00:25" {
        driver = "starcos";
        name = "STARCOS SPK 2.4";
        force_protocol = t0;
    }
...

The cause of this issue was a not recognized ATR of my Starcos SPK 2.4 smartcard.

In my client.ovpn (WinXP) or client.conf (Linux) I used the following configuration:
...
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
# Smart card certificates stored on openSC-pkcs#15 formated Startcos smartcard
pkcs11-sign-mode sign
pkcs11-providers "C:\\Program Files\\Smart card bundle\\opensc-pkcs11.dll"
pkcs11-slot-type label
pkcs11-slot "OpenSC Card (PIN)"
pkcs11-id-type id
pkcs11-id 02
...

The version of the Smart card bundle package for Windows XP is scb-0.7.exe.
In Linux, opensc-0.11.1-6 is installed.

Many thanks for your help and clarifying mails.

Best Regards,
Thierry