Red Hat Bugzilla – Bug 499077
Unable to load 4 certs onto smartcard
Last modified: 2015-01-04 18:38:12 EST
With tps profile changes in CS.cfg, we have been trying to get 4 certificates
on to the smartcard. But have been unsuccessful so far.
I'm attaching the profiles we used to the bug.
the profile we have been changing are userKey
Created attachment 342412 [details]
Profile to generate 3 certs on the token. (userKey)
Created attachment 342413 [details]
Profile to generate 4 certs on the token. (userKey)
This turned out to be a misconfiguration.
On the Safenet64K I tried this and got it to work.
Have not tried the Safenet, the only limitation could be memory space.
I will attach a copy of the successful CS.cfg for TPS to get it working.
A quick diff between my CS.cfg and the one attached here that did not work.
A screen shot of ESC showing the 4 certs.
Created attachment 346948 [details]
Screen shot with 4 certs
Created attachment 346949 [details]
Created attachment 346950 [details]
CS.cfg difference between failed and successful
I forgot to mention, the main problem is that the certs, public keys and private keys are given numbers and attributes. For instance the signing cert will have a private key number of 0 and public key number of 1. Etc. The numbering was was confused and thus confused the token when trying to generate the "email" private key.
If the safenet is found not to work, we can open a new bug since it will be resource limited and require action in the applet.
Just for fun, I tried this on a safenet card and it was able to load these 4 certs just fine.
Tested loading 4 certs on both Gemalto 64K and Safenet 330J cards with the above mentioned Successful CS.cfg, able to load 4 certs.
This bug is a user error, hence closing with status notabug.