From: Sergio <ser...@ho...> - 2011-07-14 17:53:51

Hi, I'm new to this forum. I'm trying to set up OpenVPN with a smartcard like the Spanish eID (DNIe or DNI electronico). I have some experience with this kind of token, and now I'm experiencing two problems:

1) To get access to the certificates and keys you must enter the PIN. So, when I run:

    openvpn --show-pkcs11-ids UsrPkcs11.dll

I get access only to an intermediate CA certificate, so I cannot get the "pkcs11-id" value to put in the client configuration, although I could use a "--pin" option.

2) With the above command I get the intermediate CA id, but it contains chars with backslashes, so the client fails when reading the configuration file. Although this id is not a client certificate's, I tried it to see the configuration file behaviour.

The command output:

    opensc\bin>openvpn --show-pkcs11-ids UsrPkcs11.dll

    The following objects are available for use.
    Each object shown below may be used as parameter to
    --pkcs11-id option please remember to use single quote mark.

    Certificate
           DN: /C=ES/O=DIRECCION GENERAL DE LA POLICIA/OU=DNIE/CN=AC DNIE 001
           Serial: 642066C9997BAEE14402DA6EA422D649
           Serialized id: DGP\x2DFNMT//\x86\xE5\x21\x21pQ\x19/DNI\x20electr├│nico/5338364535323132313730353131393230303831323139313230373538

As you can see, the serialized id contains backslashes and rare chars. I use Windows XP and the last build from http://www.opensc-project.org/downloads/users/alonbl/build/

Could I construct the pkcs11-id value using the information provided by pkcs11-tool? For example, with pkcs11-tool I get an id like 5338364535323132313730353131393230303831323139313230373538 for that intermediate CA cert. I could also extract the path and then put it as the serialized-id in openvpn...

regards
--
Sergio