From: Jakub J. <jj...@re...> - 2020-01-29 10:43:21
On Wed, 2020-01-29 at 12:39 +0200, Graham Leggett wrote:
> > On 29 Jan 2020, at 11:00, Jakub Jelen <jj...@re...> wrote:
> >
> > On Wed, 2020-01-29 at 10:05 +0200, Graham Leggett wrote:
> > > Hi all,
> > >
> > > When an attempt is made to load a renewed certificate onto a properly
> > > formatted and otherwise working smartcard as follows, the error "Non
> > > unique object ID" is returned as follows:
> > >
> > > [root@gatekeeper ~]# pkcs15-init --store-certificate john.cer --label "John Smith (Globalsign)" --auth-id 01
> > > Using reader with a card: ACS ACR 38U-CCID 00 00
> > > Failed to store certificate: Non unique object ID
> > >
> > > Can someone explain what this error is trying to tell me?
> >
> > You are trying to write an object with the same ID that already
> > exists.
>
> Can you explain further what this ID is? Is this something embedded
> in the new certificate, or is this something on the smartcard?

It is a concept of the smart card. But there is a way to derive it from
the public key if you need to. See the manual page for pkcs15-init, the
--id switch describes this.

> > > What is an “object ID” when it comes to a certificate?
> >
> > Object ID is an ID used to pair public, private and certificate objects
> > in PKCS#11 layer and I believe also in PKCS#15 layer.
>
> How do I set this ID, or control it?

pkcs15-init --id switch should do it.

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.