From: Graham L. <mi...@sh...> - 2020-01-29 10:39:37
> On 29 Jan 2020, at 11:00, Jakub Jelen <jj...@re...> wrote:
>
> On Wed, 2020-01-29 at 10:05 +0200, Graham Leggett wrote:
>> Hi all,
>>
>> When an attempt is made to load a renewed certificate onto a properly
>> formatted and otherwise working smartcard as follows, the error "Non
>> unique object ID" is returned as follows:
>>
>> [root@gatekeeper ~]# pkcs15-init --store-certificate john.cer --label
>> "John Smith (Globalsign)" --auth-id 01
>> Using reader with a card: ACS ACR 38U-CCID 00 00
>> Failed to store certificate: Non unique object ID
>>
>> Can someone explain what this error is trying to tell me?
>
> You are trying to write an object with the same ID that already exists.

Can you explain further what this ID is? Is this something embedded in the new certificate, or is this something on the smartcard?

>> What is an “object ID” when it comes to a certificate?
>
> Object ID is an ID used to pair public, private and certificate objects
> in PKCS#11 layer and I believe also in PKCS#15 layer.

How do I set this ID, or control it? Which attribute of the certificate is treated as the “id”?

>> There is a previous certificate on the same smartcard that is being
>> renewed, does this previous certificate need to be removed before the
>> replacement is added?
>
> Probably yes. Certainly it should not have the same ID as the new one.
> In that case, the applications would not know which of the certificates
> to use easily before parsing the whole blob.

Is the ID the subject? Fingerprint? Something else?

Regards,
Graham