pkinit updates
Nicolas Williams
Nicolas.Williams at sun.com
Thu Dec 14 11:24:51 EST 2006
On Wed, Dec 13, 2006 at 05:55:36PM -0600, Douglas E. Engert wrote:
> Douglas E. Engert wrote:
> >I will have to try the OpenSC pkcs11-tool --module /usr/lib/libpkcs11.so
> >after I build it tonight.
>
> Well it built sooner then expected:
I'm told it does work, yes.
> It has one slot, with a token labeled "Sun Metaslot" with lots
> of methods, but no keys, certs or other objects.
Yes. Perhaps I've misunderstood the purpose of token labels.
> Its a start. Now how can I get an OpenSC opensc-pkcs11.so signed
> and called?
See the URL I quoted earlier:
http://docs.sun.com/app/docs/doc/816-4863/6mb20lvi3?a=view
First, generate a certificate request:
% elfsign request -k private-keyfile -r certificate-request
<interactive questionaire>
then send the certreq to solaris-crypto-req at sun.com; when you get the
cert back from Sun just place it in /etc/crypto/certs and sign the
module:
% elfsign sign -k private-keyfile -c Sun-certificate -e provider-object
and install the module.
> P.S. Who assigned the token label?
Right, either I misunderstood the purpose of token labels or this is a
bug -- I'm betting on the former.
Nico
--
More information about the krbdev
mailing list