Red Hat Bugzilla – Bug 906537
CAC card ( Gemalto GCX4 72k) shows invalid-signature message during pkinit
Last modified: 2017-02-06 10:16:53 EST
Description of problem:
DOD CAC ( Gemalto GCX4 72k) shows invalid-signature during pkinit.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. kinit using the CAC card.
Eror message: Invalid Signature while getting the initial credentials.
kinit with this CAC card should be successful.
Downgraded the coolkey version to coolkey-1.1.0-20, pkinit works fine for the card. Getting the invalid signature error for the card with cookey -21 and also -24.
Another CAC (Gemalto TOPDLGX 144) pkinit works fine with coolkey -26.
Bob can you please add the appropriate information in the doc text field for the technical note - know issues
Doc Text field updated.
Is there anything else I need to do (set flags here or in the errata?
Signatures appear to work with my Gemalto GCX4 72K PIV endpoint card with built -27
Works fine using coolkey-1.1.0-30.el6 on RHEL 6.5
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.